William Tulaba Natick Cybersecurity Readiness - Part 3

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 3

InfoSec /

NIST CSF 2.0 Without the Consultant Price Tag n Part 2, I talked about the difference between compliance and readiness. Compliance can help a company meet requirements. Readiness helps a company understand whether it can actually protect the business, respond under pressure, and improve over time. Once you understand that gap, the next question becomes: […]

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 3 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 2

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 2

InfoSec /

Why Cybersecurity Readiness Is Not the Same as Compliance If you read Part 1, you already know the problem: many businesses say they measure themselves against the NIST Cybersecurity Framework, but far fewer can actually show the evidence. That alone is concerning, but the problem gets bigger when companies start confusing compliance with readiness. They

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 2 Read More »

William Tulaba Natick Cybersecurity Readiness - Part 1

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 1

InfoSec /

Part 1: Most Businesses Do Not Know Their Cybersecurity Posture A lot of companies say they measure themselves against the NIST Cybersecurity Framework. The harder question is this: Can they show the receipts? That is where things usually get interesting. I have worked in technology and cybersecurity long enough to know that most companies are

Blog Series: Cybersecurity Readiness for the Businesses That Need It Most – Part 1 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 6

InfoSec /

Zero Trust for AI Systems From Principle to Architecture Across this series, we’ve established a clear progression: Cybersecurity fundamentals still apply (Part 1) Risk shifts from human inconsistency to machine consistency (Part 2) Small gaps become large incidents at machine speed (Part 3) Identity and data become the primary control plane (Part 4) Trust must

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 6 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 5

InfoSec /

Continuous Validation Over Static Trust If there is one assumption that has quietly shaped cybersecurity for years, it’s this: Once something is trusted, it remains trusted. A user authenticates successfully.A system is granted access.A configuration is approved. And from that point forward, we assume things will behave as expected. In traditional environments, that assumption, while

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 5 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 4

InfoSec /

Why Identity and Data Become Non-Negotiable If AI amplifies risk through speed, scale, and repetition, then the question becomes: Where do you enforce control? In traditional environments, organizations relied on multiple layers: Network boundaries Endpoint controls User behavior Application logic These layers created redundancy. If one control failed, another might catch the issue. In AI-driven

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 4 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 3

InfoSec /

When Good Security Fails at Machine Speed In cybersecurity, most organizations don’t fail because they lack controls. They fail because those controls were never designed to operate under extreme scale, speed, and repetition. In a human-driven environment, “good enough” security can often hold. In an AI-driven environment, it breaks. The Hidden Assumption Behind “Good Security”

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 3 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 2

InfoSec /

Humans vs. Machines — A Fundamental Shift in Risk In cybersecurity, we’ve always designed controls around one central reality: People make mistakes. Security awareness programs, phishing simulations, access reviews, and approval workflows all exist because human behavior is inherently inconsistent. People hesitate. They question. They make judgment calls. Sometimes they get it wrong, but just

Blog Series: Cybersecurity Fundamentals in the Age of AI – Part 2 Read More »

William Tulaba Natick AI - Artificial Intelligence

Blog Series: Cybersecurity Fundamentals in the Age of AI

InfoSec /

Part 1: The Illusion That AI Changes Everything Artificial Intelligence is dominating every technology conversation right now. Organizations are racing to adopt it. Vendors are embedding it into their platforms. Security teams are being asked, often urgently, how to secure it. And in the middle of all of this, a common narrative has emerged: “AI

Blog Series: Cybersecurity Fundamentals in the Age of AI Read More »

William Tulaba Natick AI NIST CSF 2.0 Securing AI

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 5 AI (RS.MI)

InfoSec /

Part 5: AI Incident Response (RS.MI) Preparing for AI Security Incidents AI introduces new types of cybersecurity incidents that traditional response plans may not fully address. Examples include: Exposure of confidential data through generative AI outputs Manipulation of AI models affecting automated decisions Compromised training data altering system behavior Abuse of AI tools for internal

Blog Series: Securing AI with the NIST Cybersecurity Framework 2.0 – Part 5 AI (RS.MI) Read More »

Get all the latest news and info sent to your inbox.