William Tulaba

William Tulaba is a cybersecurity executive and security engineering leader focused on enterprise security strategy, cloud risk, and security operations.

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 7

The First 10 Cybersecurity Gaps Most Businesses Should Look For One of the hardest parts of improving cybersecurity is knowing where to start. Most businesses already know they have gaps. That is not the problem. The problem is prioritization. What should be fixed first? What creates the most risk? What matters to customers, insurers, auditors, […]

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 7 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 6

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 6

Why Maturity Matters More Than Yes-or-No Answers A lot of cybersecurity questionnaires ask questions that sound simple. Do you have an incident response plan? Do you use MFA? Do you perform backups? Do you conduct security awareness training? Do you review user access? Do you monitor logs? Those questions are useful, but they can also

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 6 Read More »

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 5

The Cyber Insurance Wake-Up Call For many businesses, cybersecurity gaps do not become obvious during a planning meeting. They become obvious when a cyber insurance application shows up. That is when the questions get specific. Do you enforce MFA? Do you use endpoint detection and response? Do you test backups? Do you have an incident

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 5 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 4

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 4

The Problem with Security Questionnaires At some point, a growing business is going to get one of these emails: “Before we can move forward, please complete our security questionnaire.” That sentence can turn a simple sales process, renewal, partnership, or vendor review into a scramble. Suddenly someone needs to answer dozens, sometimes hundreds, of questions

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 4 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 3

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 3

NIST CSF 2.0 Without the Consultant Price Tag n Part 2, I talked about the difference between compliance and readiness. Compliance can help a company meet requirements. Readiness helps a company understand whether it can actually protect the business, respond under pressure, and improve over time. Once you understand that gap, the next question becomes:

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 3 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 2

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 2

Why Cybersecurity Readiness Is Not the Same as Compliance If you read Part 1, you already know the problem: many businesses say they measure themselves against the NIST Cybersecurity Framework, but far fewer can actually show the evidence. That alone is concerning, but the problem gets bigger when companies start confusing compliance with readiness. They

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 2 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 1

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 1

Part 1: Most Businesses Do Not Know Their Cybersecurity Posture A lot of companies say they measure themselves against the NIST Cybersecurity Framework. The harder question is this: Can they show the receipts? That is where things usually get interesting. I have worked in technology and cybersecurity long enough to know that most companies are

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 1 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 6

Zero Trust for AI Systems From Principle to Architecture Across this series, we’ve established a clear progression: Cybersecurity fundamentals still apply (Part 1) Risk shifts from human inconsistency to machine consistency (Part 2) Small gaps become large incidents at machine speed (Part 3) Identity and data become the primary control plane (Part 4) Trust must

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 6 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 5

Continuous Validation Over Static Trust If there is one assumption that has quietly shaped cybersecurity for years, it’s this: Once something is trusted, it remains trusted. A user authenticates successfully.A system is granted access.A configuration is approved. And from that point forward, we assume things will behave as expected. In traditional environments, that assumption, while

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 5 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 4

Why Identity and Data Become Non-Negotiable If AI amplifies risk through speed, scale, and repetition, then the question becomes: Where do you enforce control? In traditional environments, organizations relied on multiple layers: Network boundaries Endpoint controls User behavior Application logic These layers created redundancy. If one control failed, another might catch the issue. In AI-driven

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 4 Read More »