I Did A Thing! Proud to be a Contributing Author

Stardate 01/29/2026

This is so special to me, and I am deeply honoured to have been asked to be a contributing author to the annual report “State of Cybersecurity in Canada Report 2026” by the Canadian Cybersecurity Network (CCN). There is a wealth of analysis and expertise contained, uniquely focused on Canada, by senior leaders and highly experienced people in the field. Here is the link: https://canadiancybersecuritynetwork.com/download-the-ccn-2026-state-of-cybersecurity-report

My submission is titled “Securing Critical Infrastructure: Canada Can Light the Way Forward”, on page 55. To know me is to know my interest in threats targeting critical infrastructure and helping those defenders. Across 2025, I gave a series of talks with James Troutman about how bad things happen to critical infrastructure, the societal impact, and the need for resilience. That inspired my contribution to the report, and here is an abstract:

2025 has been a year of volatility and seismic change, affecting international relations, the economy, and the environment. Canada’s new opportunities, as outlined by Prime Minister Carney, feature our strengths in natural resources, technology and AI. However, none of this can happen without critical infrastructure, which underpins all that we need and aspire to. As our world evolves beyond expectations, organizations, public and private, must rapidly respond and change course from our existing strategies to ensure our nation’s digital sovereignty and endurance for the future. Mitigation and recovery will require resilience powered by community and collaboration, and situations will become greater than individual nations can come back from on their own. I believe that through our domestic initiatives and international cooperation, Canada can light the way toward global resilience and collaboration for the journey ahead. As the saying goes, “if you want to go fast, go alone. If you want to go far, go together.”

I hope you’ll download a copy of the report and find some good stuff to work with.

Well Hell-Ohh! And it’s 2026

STARDATE 01/23/2026

I’d love to say “Blink and you missed it” for the remainder of 2025, but alas, we weren’t so lucky. It wasn’t just some bad dream we woke up from, sighed, and shook off. Instead, it followed us right into the new year. I joke about my uncanny ability to “see bad things” but I really don’t like being right. Let’s call 2025 the opening act to the main event aka 2026 and what comes next.

This year isn’t going to be about just fixing what’s broke, or cleaning up the damage. It’s going to be about learning to live with the damage done. Once dedicated guardians in a global security community, CISA and other hollowed-out institutions and organizations have lost the capability and experience to respond, to monitor and proactively defend. That gaping wound is like a neon welcome sign to adversaries.

The adversaries have been steadily accumulating an arsenal of data for initial access and further compromise, while building out their cybercriminal infrastructure. They learn from our mistakes even when we don’t. They have the keys to the kingdoms – secrets, tokens, source codes, git repos, admin privilege. We’re way past credential theft, but they have all those too. Scattered Lapsus$ Hunters is the alliance of three cybercriminal gangs and evolution of script kiddie angst.

If we try to carry on BAU, then we’ve failed out of the gate. Successive network and security appliance vulnerabilities – Citrix, Fortinet – exploited. Chinese state-sponsored groups embedded for years in telco infrastructure, and prepositioning for attacks on critical infrastructure. A series of software supply chain compromises via NPM. The Salesloft Drift breach had massive impact and reach. We’re frantically trying to identify and patch, but exposure and exploitation have already ushered in whatever comes next.

With cost-gutting rampant and the misguided belief that advanced shiny tech will do our bidding, it’s time we told the Emperor he has no clothes. Despite all the potential and promises, AI isn’t coming to save us. It’s only as good as the flawed humans who teach it, so that it can then fail faster and bigger. And it should never, ever, be trusted to run without our supervision. “I, Robot” ended badly, remember?

I leave you with this: Plans + Preparation = Resilience. Think bigger than security. Think about what comes next.

Welcome to 2025! The year of “This wasn’t on my Bingo card”

STARDATE 11/30/2025

It’s been a minute. I started this blog in 2015 when I was new and all was shiny. I thought it was a great way to capture my learning journey and share information. I’ve kept those original sections in the menu because we still have those issues to deal with now, plus more. Historical context plays an important role when looking at threat actor behaviour or patterns of events. And as we know, history repeats. Yes, we need to look forward and not keep checking the rearview mirror, BUT the past can have a powerful hold on us when we don’t learn from our mistakes or move on too quickly, and so I am keeping all that detail here, like time capsules, for future reference.

Our world, our civilization, changed with the pandemic of 2020. It feels like we’ve moved on but we’ll never return to the “before times”. This is very important to understand as we grapple with the year of OMG WTF, 2025. The consequences of decisions made take time to manifest – just because it hasn’t happened doesn’t mean it won’t. Be prepared to reap what has been sown in the AI frenzy, with the massive and devastating cuts to tech and security workforces, compounded by ongoing “unprecedented” disasters and storms driven by climate change, against a highly volatile and violent geopolitical backdrop. Silos exist for grain storage and enterprise bureaucracy – life is messy, lines are blurred, and so much overlaps. Nobody said this would be easy – except maybe that guy who sold us the SIEM.