Sean D. Mack
CIO/CISO and author (Enterprise Security: A Data‑Centric Approach) who discusses real‑world cybersecurity leadership conversations and enterprise risk focus areas.
AI Tools Turning Into Essential Cognitive Infrastructure
Waiting for Claude tokens to renew like an addict waiting for a fix. That feeling probably says something about how quickly these tools are becoming cognitive infrastructure.
GRC Tools Are Still Just Digital Filing Cabinets
The GRC market is booming. Feels like I hear about a new platform every day but most platforms still feel like digital filing cabinets for policies and screenshots. There has to be a better way. What have you found that...
Basic Security Issues Outpace Complex Threats, Says CXO Advisor
One of the big advantages we have here at CXO Advisor is threat intel. We talk to security leaders across industries every week and the same concerns surface independently. Interestingly, it's not the complex theoretical threats, it's the basics: AI...
AI-Driven Attacks Exploit Simple FortiGate Misconfigurations Globally
New threat intel shows a financially motivated threat actor using commercial generative AI tools to compromise more than 600 FortiGate devices across 55+ countries by exploiting exposed management ports and weak credentials, not zero-day vulnerabilities. AI is amplifying basic security...
NYC Cyber Leaders: Private Dinner on Dataverse Protection
If you’re a cybersecurity leader in NYC, join me this Thursday for a roundtable dinner focusing on New Strategies to Protect Your Expanding Dataverse. Private dinner, peer conversation, no vendor pitch. These are the discussions where the real issues come...
AI Governance and Cybersecurity Frameworks at Virtual Summit
I'm excited to be speaking today at the Virtual AI Summit on the cybersecurity implications of AI! I'll be talking about practical frameworks for AI deployment and oversight. If AI is on your roadmap, governance join me there today: https://buff.ly/6C9RTgu
MFA: Simple, High-Leverage Security for SMBs
Multi-factor authentication is still one of the highest leverage security controls for SMBs. It is not flashy, but it closes real doors. Simple controls done consistently still win. https://buff.ly/jk1Ucgh
Align Governance, Risk, and Compliance for Cohesive Strategy
Governance sets direction. Risk measures exposure. Compliance checks alignment. And yet, frequently, these three are completely misaligned. How do governance, risk, and compliance work together for your organization?
Fractional CISO: Full Accountability, 24/7 Availability
Fractional CISO does not mean fractional accountability. Every client I work with has my cell phone. Security incidents do not respect office hours, and advisory only works if there is shared ownership.
GRC Tools Need Business‑focused Risk, Not Spreadsheet Tickets
There are a lot of new entrants coming into the GRC market right now, which tells you something interesting is happening. But most of what I see still feels like workflow layered on top of spreadsheets. Executives do not need more...
Seeing Bugs in IDE Boosts Fixes From 0% to 70%
“At Facebook, they found that when security vulnerabilities were reported as issues, nearly 0% got fixed. But when these same problems appeared directly in the developer’s IDE, where the red squiggles were difficult to ignore, fix rates jumped to around...
Boards Pivot to Recovery as Breach Assumption Grows
As more companies “assume breach,” I am seeing a shift from prevention to recovery. Boards are starting to ask different questions.
Recovery Plans Must Assume Active Directory Can Fail
If Active Directory is down, can you even log in to start restoring backups? A lot of recovery plans assume core services are intact but that's not always a safe bet.
AI Threats Demand Distinct Policy Beyond Existing Security Frameworks
Thinking a lot about AI security vs traditional security. Do we actually need a separate AI policy, or should this live inside the security and governance structures we already have? To answer this we need to consider how AI and...