Galactic Research: Articles & Insights
Part 1: The AI Implementation Question Is Coming. Are You Ready to Answer?
I had lunch a few weeks ago with an executive at a financial services firm, the kind of client every security advisor quietly hopes for: growing, regulated, complex enough to need real security help and profitable enough to pay for ...
AI Security
Part 1: The AI Implementation Question Is Coming. Are You Ready to Answer?
I had lunch a few weeks ago with an executive at a financial services firm, the kind of client every security advisor quietly hopes for: growing, regulated, complex enough to need real security help and profitable enough to pay for ...
OpenClaw's Marketplace Got Stuffed With Malware. Here's Why That Was Always Going to Happen.
What a Malware-Filled AI Agent Marketplace Tells Us About How the Industry Keeps Making the Same Mistake I've spent the better part of my career watching organizations adopt new technology faster than they can secure it, and documenting what happens ...
The Deepfake Was Convincing. So Was My Backpack.
Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
Threat Intelligence
Threat Thursday: June 18th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every Thursday we break down the cybersecurity stories that matter most for protecting your organization, with each item split into what happened, what it could mean for you, and what to ...
Threat Thursday: June 11th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories share one theme: the gap between a vulnerability becoming public and a working exploit existing is collapsing toward hours, and the coordinated disclosure process meant to give defenders ...
Threat Thursday: June 4th, 2026
Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories have a clear pattern: attackers didn't find obscure entry points or novel techniques but instead went after the things you were already using and already trusting. As always, ...
Security Education
Vulnerabilities Are Now the #1 Way In. The Window to Fix Them Is Closing.
Most of the time, I didn't break into a network so much as let myself in through something with a fix already out (just not installed yet): the VPN concentrator three versions behind, the firewall with a known vulnerability fixed ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less
Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Part 2: Threat Actors Don't Pick You. You Just Happen to Be There.
In Part 1, we established that Handala didn't pick Stryker off a strategic target list and then figure out how to break in. They found access, recognized the value, and used it. That's still a deliberate, damaging attack—it just means ...
Strategy & Leadership
Building Trust in Executive Relationships: Lessons from King Lear
A Framework for Establishing the Kind of Trust that Survives Budget Season Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.
How MSPs Build the Kind of Client Rapport That Survives a Budget Review You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT
You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
All Articles
Disaster-Proofing Your Business: Start with Incident Response
Why You Must Think Like Emergency Planners Imagine it’s 1:00 a.m. The rain’s been steady, but you’re asleep. Somewhere upstream, the ...
The One Thing Your Clients Aren’t Doing—That Could Take You Down
You lock down endpoints. You deploy tools. You make smart recommendations. But here’s the cold truth: None of it will matter if your client can’t prove their decisions. In today’s climate, insurance carriers and lawyers don’t just want to know ...
“We’ve Got This Handled.” Famous Last Words.
I was just talking to an MSP owner last night at CRN Secure. Confident guy. Told me he had everything covered when it came to cyber liability. So I hit him with a few of my favorite questions: How are ...
What If Your Bookkeeper Just Became the Most Dangerous Person in Your Company?
If a hacker got access to your bookkeeper’s account today, would you know what to do? (And no, “call your IT ...
Why Rushing Compliance Could Be the Most Expensive Mistake Your Business Ever Makes
Imagine someone telling you they could build out your entire HIPAA compliance program in under three days. That’s not a typo. Three days. No heavy lifting required on your part. Sounds almost ...
What Happens When You Hire an Assistant and Never Tell Them What to Do?
You finally decide to splurge. You hire a full-time assistant. This person is sharp — they can handle your emails, juggle ...
Your Cell Phone Is a Loaded Gun—Pointed at Your Business
Imagine handing the keys to your front door, your company vault, and your private office to a complete stranger. Then inviting them to rifle through everything you own. That’s exactly what you’re ...
Could Your Business Survive a Cyberattack? (Most Can’t—and Won’t)
The US bombed Iranian nuclear facilities last week. The result? A “spectacular military success,” sure—followed immediately by the Department of Homeland Security warning that Iran’s state-backed hackers are now eyeballing American businesses ...
Is Your IT Provider Setting You Up for a Data Breach?
There’s something buried deep inside your Microsoft 365 environment that your IT provider isn’t telling you about. It’s not a bug. It’s not even a breach. It’s worse. It’s a design flaw—a loophole that allows a guest user (someone outside ...
Will Your Cyber Insurance Actually Pay Out?
I was on a call with a client when the million-dollar question dropped: “What steps can I take to guarantee my ...
Who’s Enforcing the Rules in Your Organization?
Ever stop and ask yourself: Who on my team is actually responsible for getting people to follow the rules when it comes to technology? Not the person who installs the firewall. Not the vendor who sends you invoices for cybersecurity ...
Are You Running an MSP or a Hardware Store?
Stop selling security like it’s the power tools aisle at your local hardware store. Start building a strategy. Start with a plan. Then pour the foundation. I got an email from a partner this week. It started with the usual ...
