The SEC should require disclosure of cybersecurity controls

January 17, 2025

8-K filings for material cybersecurity incidents should require disclosure of all cybersecurity controls (software and services) in place when the event occurred.

Discussion: LinkedIn

Twitter Facebook LinkedIn

Security Operations Center (SOC) outcomes in the age of AI

May 12, 2026

For all the hype around AI and agentic Security Operations Center (SOC) solutions, what truly matters comes down to two questions:

Exploits and malware are still subject to the laws of physics

May 8, 2026

Why AI-powered vulnerability discovery and software exploitation don’t change the fundamentals of durable defense.

Introducing Atomic Scorecard: A test tracking tool for ATT&CK + Atomic Red Team

April 18, 2026

Customer discovery questions (or, better alternatives to “What keeps you up at night?”)

April 9, 2026

Whether you’re a founder, in sales, an account manager, or in almost any other customer-facing role, the most valuable thing you can do is ask your customers questions, and learn what their goals, incentives, and measures look like.

by Keith McCammon

The SEC should require disclosure of cybersecurity controls

You May Also Enjoy

Security Operations Center (SOC) outcomes in the age of AI

Exploits and malware are still subject to the laws of physics

Introducing Atomic Scorecard: A test tracking tool for ATT&CK + Atomic Red Team

Customer discovery questions (or, better alternatives to “What keeps you up at night?”)