Blog

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/13 Mailbox rules in O365—a post-exploitation tactic in cloud ATO (Proofpoint) Mailbox rules are a high-risk post-exploitation tactic.?Attackers abuse native mailbox rules for exfiltration, persistence, and communication manipulation. Combined with third-party services and domain spoofing, attackers can hijack threads, impersonate victims, and manipulate vendor communications, all without network-level interception.  https://www.proofpoint.com/us/blog/threat-insight... read more.

• April 24, 2026

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation In The Lord of the Rings, the One Ring is small, unassuming, and even useful—at first. It grants power and convenience, but every additional moment it’s worn increases risk, influence, and loss of control. The danger isn’t obvious until it’s too late. Browser and email client extensions often play the same role in enterprise environments. They look harmless, promise productivity, and... read more.

• April 21, 2026

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation In The Matrix Reloaded (2003), the Merovingian controls access to critical pathways inside the Matrix. He doesn’t stop everyone—he decides who and what is allowed to pass. Information still flows, but only through channels he permits. That selective control is what gives him power. CIS Safeguard 9.3 is built on the same principle. Network-based URL filtering isn’t about blocking the intern... read more.

• April 14, 2026

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/6 How Microsoft 365 Copilot Customers Should Think About Agent Control (Rubrik) Building your agent control framework around Copilot now means you're prepared when the rest of the agent ecosystem arrives. Rubrik Agent Cloud's vendor-neutral architecture ensures that the policies, monitoring, and recovery capabilities you build today extend seamlessly to every agent platform you adopt tomorrow. https://www.rubrik.com/blog/company/26/4/how-microsoft-365-copilot-customers-should-think-about-agent-c... read more.

• April 10, 2026

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation In CSI: Crime Scene Investigation (2000–2015), the most important moments don’t happen when evidence is collected—they happen when investigators review it, correlate it, and challenge assumptions. Bags of evidence sitting on a shelf solve nothing. The case only breaks when someone sits down, replays the data, and asks, “What does this actually tell us?” That is the core idea be... read more.

• April 07, 2026

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/30 Temporal hunting: Time as a threat hunting surface (Cribl) By embedding threat intelligence at the pipeline level and carrying it through federated searches, organizations gain a hunting workflow that thinks in time, not silos. Every pivot to hot alerts, warm logs, or long-term archives is accelerated and informed. https://cribl.io/blog/temporal-hunting-time-as-a-threat-hunting-surface/ Citrix + Amazon WorkSpaces Core: A Flexible Path to Cloud VDI Historically, Azure was effectively the onl... read more.

• April 03, 2026

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation In Blade Runner 2049 (2017), the central mystery hinges on memory. What was recorded, what was preserved, and what was lost determines who can understand the truth and who remains in the dark. The film makes a simple but powerful point: without reliable memory, reconstruction becomes speculation. CIS Safeguard 8.10 is built on that same idea. If audit logs are not retained long enough, incidents can’t... read more.

• March 31, 2026

By Timothy Karl, Posted in Infrastructure

As more organizations look to move desktops to the cloud, many don’t want to give up the platforms they already rely on. For teams running Citrix, Amazon WorkSpaces Core offers a simple way to extend into AWS without starting over. This shift is important because, historically, Azure was effectively the only practical option for running Windows 10/11 multi-session desktops, especially for organizations aligned with Microsoft 365. In many cases, that meant customers were forced into Azure for VDI, eve... read more.

• March 30, 2026

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/16 When AI Writes the Code, Who Controls the Agents? (Rubrik) Agents introduce a new category of risk. They operate autonomously as non-human identities with access to enterprise systems and data. And unlike traditional software, large language models are non-deterministic. Even well-designed agents can behave unpredictably. https://www.rubrik.com/blog/company/26/3/when-ai-writes-the-code-who-controls-the-agents Tuesday 3/17 Understanding and Reducing AI Risk in Modern Applications (Wiz) Unde... read more.

• March 27, 2026

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation In Apollo 11 (1969), hundreds of engineers didn’t sit scattered across the country making independent decisions. Instead, Mission Control in Houston became the single place where telemetry, voice communications, and system status converged. When something changed on the spacecraft, everyone who needed to know saw the same data, at the same time, and acted from a shared understanding. That is precisely... read more.

• March 25, 2026