Sitemap - 2025 - RockCyber Musings

NIST’s New Cyber AI Profile: A Solid Foundation with Critical Gaps Your Security Team Can’t Ignore

Why Do Boards Ignore Your Cyber Risk Reports? NIST IR 8286r1 Has the Fix

Weekly Musings Top 10 AI Security Wrapup: Issue 24 December 12, 2025 - December 18, 2025

White House Issues Executive Order – Ensuring a National Policy Framework for Artificial Intelligence

Weekly Musings Top 10 AI Security Wrapup: Issue 23 December 5, 2025 - December 11, 2025

It's Here!!! The OWASP Top 10 for Agentic Applications Just Dropped. What you need to know.

React2Shell CVE-2025-55182: What I Learned Battling This Beast for a Week

Weekly Musings Top 10 AI Security Wrapup: Issue 22 November 21, 2025 - December 4, 2025

Claude Secure Coding Rules: Open Source Security That Scales

GTG-1002: What Anthropic’s First AI-Orchestrated Espionage Campaign Reveals About Autonomous Threats

Weekly Musings Top 10 AI Security Wrapup: Issue 21 November 14, 2025 - November 20, 2025

The Context Window Trap: Why 1M Tokens Won’t Save Your AI Agent

Weekly Musings Top 10 AI Security Wrapup: Issue 20 November 7, 2025 - November 13, 2025

Prompt Engineering Is Over. Context Engineering Is the New Skill.

Weekly Musings Top 10 AI Security Wrapup: Issue 19 October 31, 2025 - November 6, 2025

AAGATE: Governing the Ungovernable AI Agent

I Built TokenTally After a Friend Asked: “How Do I Budget for ChatGPT?”

Weekly Musings Top 10 AI Security Wrapup: Issue 18 October 24, 2025 - October 30, 2025

Stop Doing Agent Eval Theater: Why AISI's Transcript Analysis Actually Catches What Breaks

Weekly Musings Top 10 AI Security Wrapup: Issue 16 October 17, 2025 - October 23, 2025

Weekly Musings Top 10 AI Security Wrapup: Issue 15 October 10, 2025 - October 16, 2025

AI Supply Chain Security That Stands Up To ENISA 2025

MCP Security: Locking Down Agents After Real Exploits

Weekly Musings Top 10 AI Security Wrapup: Issue 14 October 3, 2025 - October 9, 2025

AI agent risk for boards. A 90 day oversight plan.

Weekly Musings Top 10 AI Security Wrapup: Issue 13 September 26 - October 2, 2025

AI budget is broken: a 90‑day realignment that pays for itself

Weekly Musings Top 10 AI Security Wrapup: Issue 12 September 19 - September 25, 2025

What You Need to Know About the Colorado AI Act

Shadow AI attack paths: OAuth, prompt injection, and a 30-60-90 plan

Weekly Musings Top 10 AI Security Wrapup: Issue 11 September 12 - September 18, 2025

ISO 42001 vs CARE: Fast-Tracking AI Governance Readiness and Beyond

Weekly Musings Top 10 AI Security Wrapup: Issue 10 September 5 - September 11, 2025

Vibe Coding’s Hidden Bill: Security, Maintainability, and the NIST Playbook

Weekly Musings Top 10 AI Security Wrapup: Issue 9 August 29 - September 4, 2025

NIST CSF 2.0 MCP Server: shipping an open source engine that turns framework into action

Weekly Musings Top 10 AI Security Wrapup: Issue 8 August 22 - August 28, 2025

Integrated AI strategy and governance or bust: why 95% of GenAI projects fail

Weekly Musings Top 10 AI Security Wrapup: Issue 7 August 15 - August 11, 2025

Filtered Training Data: Building Tamper-Resistant Open-Weight AI Models

Weekly Musings Top 10 AI Security Wrapup: Issue 6 August 8 - August 14, 2025

AI Chip Security: Trust Without Kill Switches

Weekly Musings Top 10 AI Security Wrapup: Issue 5 August 1 - August 8, 2025

What I’m Looking Forward to This Week at Black Hat 2025

Weekly Musings Top 10 AI Security Wrapup: Issue 4 July 25 - July 31, 2025

Securing Agentic Applications: The OWASP GenAI Security Blueprint

AI Security Baseline Playbook: My Take on ETSI TS 104 223

Weekly Musings Top 10 AI Security Wrap-Up: Issue 3 July 18 - July 24, 2025

America's AI Action Plan: What Washington Demands and How I Would Operationalize It

TRAIGA compliance Countdown: Texas AI Law Playbook

Weekly Musings Top 10 AI Security Wrap-Up: Issue 2 July 10 - July 17, 2025

EU AI Act compliance: Enterprise Sprint to the August 2 Deadline

Weekly Musings Top 10 AI Security Wrap-Up

Stop Chasing Ghost Jobs

AI Strategy Doomed To Fail: Why 80% Of C-Suites Are Wasting Millions

Navigating the Triad: How RISE and CARE Frameworks Transform AI Strategy and Governance

The Interdependent Triad of AI, Cybersecurity, and Business Enablement

Unlocking AI Potential: How Effective Leadership Drives Strategic Success

Aligning AI Strategy with Business Goals: Bridging the Gap Between Innovation and Value

Reports on Risk, Culture, and Performance

Information, Communication, and Reporting

Leverages Information and Technology

Reviewing Risk and Performance

Assessing Substantial Change

Watch the Game Film! — Review and Revision — RockCyber

Developing a Portfolio View

Implementing Risk Responses

Prioritizing Risk

Assessing the Severity of Risk

Identifying Risk — RockCyber

It’s Finally Time to Perform!

Be SMART and Make Your Cybersecurity Risk Management Program Actionable

Communicating Risk Information

Strategy, Frameworks and More Frameworks — RockCyber

How Hungry Are You For Risk?

The Only Constant is Change. Can You Keep Up?

The Cybersecurity Talent Shortage is BS!!!

Culture and Commitment

Cybersecurity by Committee

The Board Cyber Risk Oversight Problem

Don’t be THAT CISO!!!

Let’s Talk About Risk

Introducing RISE and CARE: A New Era in AI Strategy and Governance — RockCyber

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts