Reference content for CISOs, DPOs, and security teams — not the latest news, but pieces that stay accurate.
Pieces we pin to get you started.
U.S. federal law (2018) compelling U.S.-headquartered cloud providers to hand over customer data on lawful U.S. request — regardless of where the data is physically stored — which conflicts with EU data-protection law for EU customers.
The Gartner-coined category that replaces Security Awareness Training with behavior-centered, evidence-producing controls applied at the moment of risk.
ANSSI's qualification scheme for trusted cloud providers — proving both technical security and immunity to non-EU extraterritorial law (notably the U.S. CLOUD Act), required for French public-sector and critical-infrastructure cloud workloads.
Latest publications.
Phishing simulations test one vector quarterly. Real risk hides in daily SaaS behaviors — public files, shadow IT, calendar exposure. Here's what to watch.
Your PSSI satisfies auditors but employees ignore it. Here's how to turn an ANSSI-aligned policy into measurable behavior — NIS2-ready, in 5 steps.
Organizations spend $5.6B/year on awareness training while 68% of breaches still involve human error. Close the knowledge-behavior gap with observation, not modules.
Pulled at random from the library.
A SaaS calendar — typically Google Calendar or Microsoft 365 — whose visibility setting leaks meeting titles, attendees, locations, or links to anyone in the domain or on the public internet.
Software, SaaS, or cloud services in use inside an organization without IT or security approval — invisible to inventory, unmanaged, and rarely off-boarded.
"When a measure becomes a target, it ceases to be a good measure" — the trap behind phishing click-rate as a security KPI.