Galactic Research: Articles & Insights
AI Security
Part 1: The AI Implementation Question Is Coming. Are You Ready to Answer?

I had lunch a few weeks ago with an executive at a financial services firm, the kind of client every security advisor quietly hopes for: growing, regulated, complex enough to need real security help and profitable enough to pay for ...
OpenClaw's Marketplace Got Stuffed With Malware. Here's Why That Was Always Going to Happen.

What a Malware-Filled AI Agent Marketplace Tells Us About How the Industry Keeps Making the Same Mistake
I've spent the better part of my career watching organizations adopt new technology faster than they can secure it, and documenting what happens ...
The Deepfake Was Convincing. So Was My Backpack.

Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it
In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
Threat Intelligence
Threat Thursday: June 18th, 2026

Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. Every Thursday we break down the cybersecurity stories that matter most for protecting your organization, with each item split into what happened, what it could mean for you, and what to ...
Threat Thursday: June 11th, 2026

Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories share one theme: the gap between a vulnerability becoming public and a working exploit existing is collapsing toward hours, and the coordinated disclosure process meant to give defenders ...
Threat Thursday: June 4th, 2026

Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup. This week's stories have a clear pattern: attackers didn't find obscure entry points or novel techniques but instead went after the things you were already using and already trusting. As always, ...
Security Education
Vulnerabilities Are Now the #1 Way In. The Window to Fix Them Is Closing.

Most of the time, I didn't break into a network so much as let myself in through something with a fix already out (just not installed yet): the VPN concentrator three versions behind, the firewall with a known vulnerability fixed ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less

Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Part 2: Threat Actors Don't Pick You. You Just Happen to Be There.

In Part 1, we established that Handala didn't pick Stryker off a strategic target list and then figure out how to break in. They found access, recognized the value, and used it. That's still a deliberate, damaging attack—it just means ...
Strategy & Leadership
Building Trust in Executive Relationships: Lessons from King Lear

A Framework for Establishing the Kind of Trust that Survives Budget Season
Imagine the curtain going up and a group of players act out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.

How MSPs Build the Kind of Client Rapport That Survives a Budget Review
You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT

You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
All Articles
The IRS Test: Why Your Cyber Program Needs More Than Just Good Intentions
Think about your cybersecurity the same way you’d think about your books. Everyone says they “take security seriously.” But when the auditors show up—or worse, the breach happens—intentions don’t matter. Proof does. Here’s how I break it down for MSPs ...
When the Fire Hits, You Better Have a Map
You lock your office. You set the alarm. Maybe you even have a camera watching the front door. You’re not careless—you take reasonable steps to protect your business. But here’s the part no one tells you: when the fire starts—when ...
Victoria’s Secret Just Pulled the Plug on Its Website. Here’s Why That Should Worry You.
Last week, Victoria’s Secret—the billion-dollar lingerie brand—shut down its U.S. website and paused some store services. They called it a “security incident.” No one knows yet what happened behind the scenes, but one thing is clear: it was serious enough ...
How a Waiver (Yes, Like Skydiving) Could Protect Your Business in Court
You wouldn’t go skydiving without signing a waiver. Why? Because when something goes wrong mid-air, you don’t want to debate liability on the way down. Here’s the problem: most businesses are making high-risk IT decisions without any form of documentation. ...
They Didn’t Break In. They Just Called.
She thought it was her bank. They were polite. Professional. Helpful. They said her account had been compromised. They just needed to “verify a few things.” They even helped her set up Zelle to “protect her funds.” Two weeks later, ...
The One Employee Who’s Never Taken Your Security Training (and Never Will)
Let me introduce you to the new team member quietly absorbing everything about your business. They don’t sleep. They don’t forget. They don’t ask questions. And they’ve never—not once—completed your security training. Meet: Your Employee’s AI Assistant. AI Doesn’t Just ...
Your Data Is Missing, Your Clients Are Calling, and You Have No Plan
You have data. Some of it keeps hackers up at night. The rest just keeps your business running. Either way, it all matters when the breach hits—and if you don’t know where it lives, how to prioritize it, or how ...
Think Your IT Team Has You Covered? Let’s Find Out.
Are your IT people taking the right steps to protect your business? Here’s a simple test. One question. No tech degree required: When’s the last time you reviewed an Incident Response Plan they wrote for you? If your answer is ...
The Breach Is Bad. The Response Is Worse.
You’ve been breached. Your inbox is offline. Your phones are ringing. Your team is scrambling. Clients are calling. The board wants answers. And you? You’re staring at the ceiling, trying to remember who’s supposed to talk to the press. This ...
Is Your IT Guy About to Lose You Your Business? Your Career? Your House?
If you’re a CEO, CFO, or business owner, your IT guy might be the weakest link in your liability chain. Yeah, I said it. This is the person who couldn’t get your email to sync on your phone last week. ...
Joy’s $300K Ice Cream Disaster: Why CEOs Should Fear Sugar Cones and Section 5
Last week, I had an ice cream cone. The old-school sugar kind. Delicious, nostalgic—and apparently a hacker favorite. Because back in February 2023, the folks at Joy, the ice cream cone company, got breached. That’s right—cone makers. And not just ...
You Trained the Interns. But Who Trained the Guy With the Keys?
You’ve probably sat through user awareness training at some point. “Don’t click links from Nigerian princes.” “Don’t send wire transfers to people you’ve never met.” You’ve checked that box. You’ve probably made your employees do it too. Maybe even once ...


