William Tulaba

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 1

Part 1: Most Businesses Do Not Know Their Cybersecurity Posture A lot of companies say they measure themselves against the NIST Cybersecurity Framework. The harder question is this: Can they show the receipts? That is where things usually get interesting. I have worked in technology and cybersecurity long enough to know that most companies are […]

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 1 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 6

InfoSec / William Tulaba

Zero Trust for AI Systems From Principle to Architecture Across this series, we’ve established a clear progression: Cybersecurity fundamentals still apply (Part 1) Risk shifts from human inconsistency to machine consistency (Part 2) Small gaps become large incidents at machine speed (Part 3) Identity and data become the primary control plane (Part 4) Trust must

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 6 Read More »

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 5

InfoSec / William Tulaba

Continuous Validation Over Static Trust If there is one assumption that has quietly shaped cybersecurity for years, it’s this: Once something is trusted, it remains trusted. A user authenticates successfully.A system is granted access.A configuration is approved. And from that point forward, we assume things will behave as expected. In traditional environments, that assumption, while

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 5 Read More »

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 4

InfoSec / William Tulaba

Why Identity and Data Become Non-Negotiable If AI amplifies risk through speed, scale, and repetition, then the question becomes: Where do you enforce control? In traditional environments, organizations relied on multiple layers: Network boundaries Endpoint controls User behavior Application logic These layers created redundancy. If one control failed, another might catch the issue. In AI-driven

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 4 Read More »

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 3

InfoSec / William Tulaba

When Good Security Fails at Machine Speed In cybersecurity, most organizations don’t fail because they lack controls. They fail because those controls were never designed to operate under extreme scale, speed, and repetition. In a human-driven environment, “good enough” security can often hold. In an AI-driven environment, it breaks. The Hidden Assumption Behind “Good Security”

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 3 Read More »

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 2

InfoSec / William Tulaba

Humans vs. Machines — A Fundamental Shift in Risk In cybersecurity, we’ve always designed controls around one central reality: People make mistakes. Security awareness programs, phishing simulations, access reviews, and approval workflows all exist because human behavior is inherently inconsistent. People hesitate. They question. They make judgment calls. Sometimes they get it wrong, but just

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 2 Read More »

Blog Series: Cybersecurity Fundamentals in the Age of AI

InfoSec / William Tulaba

Part 1: The Illusion That AI Changes Everything Artificial Intelligence is dominating every technology conversation right now. Organizations are racing to adopt it. Vendors are embedding it into their platforms. Security teams are being asked, often urgently, how to secure it. And in the middle of all of this, a common narrative has emerged: “AI

Blog Series: Cybersecurity Fundamentals in the Age of AI Read More »

William Tulaba Natick AI NIST CSF 2.0 Securing AI

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 5 AI (RS.MI)

InfoSec / William Tulaba

Part 5: AI Incident Response (RS.MI) Preparing for AI Security Incidents AI introduces new types of cybersecurity incidents that traditional response plans may not fully address. Examples include: Exposure of confidential data through generative AI outputs Manipulation of AI models affecting automated decisions Compromised training data altering system behavior Abuse of AI tools for internal

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 5 AI (RS.MI) Read More »

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 4 AI (DE.CM)

InfoSec / William Tulaba

Part 4: AI Threat Detection (DE.CM) Monitoring AI Systems and AI-Enabled Attacks Artificial intelligence is enabling new forms of cyberattacks, including: AI-generated phishing campaigns Deepfake impersonation attempts Automated vulnerability discovery Manipulation of AI models through crafted inputs The Detect function of NIST CSF 2.0 focuses on identifying cybersecurity events quickly through continuous monitoring. Monitoring AI

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 4 AI (DE.CM) Read More »

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 3 AI (PR.DS)

InfoSec / William Tulaba

Part 3: AI Data Security & Data Security Posture Management (PR.DS) Data Is the Foundation of AI Artificial intelligence systems depend heavily on data. Training datasets, model outputs, and user prompts may contain sensitive business information. The Protect function of NIST CSF 2.0 emphasizes safeguarding data from unauthorized access and misuse. Protecting AI Training Data

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 3 AI (PR.DS) Read More »

William Tulaba

Get all the latest news and info sent to your inbox.