<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Writing on Jorge Laurel</title><link>https://jorgelaurel.com/writing/</link><description>Recent content in Writing on Jorge Laurel</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 14 Jul 2026 21:10:17 +0000</lastBuildDate><atom:link href="https://jorgelaurel.com/writing/index.xml" rel="self" type="application/rss+xml"/><item><title>When an AI Assistant Stores a False Memory</title><link>https://jorgelaurel.com/writing/when-an-ai-assistant-stores-a-false-memory/</link><pubDate>Tue, 14 Jul 2026 21:10:17 +0000</pubDate><guid>https://jorgelaurel.com/writing/when-an-ai-assistant-stores-a-false-memory/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/fb739c940af496ef.png" alt="When an AI Assistant Stores a False Memory"&gt;&lt;/p&gt;
&lt;p&gt;A single email can lead an AI assistant to record something false about a user, without disclosing that it has done so, and then draw on that false record in later sessions. The technique requires no stolen password and no account access. It relies only on a message sent to an inbox the assistant is configured to read.&lt;/p&gt;
&lt;p&gt;Researchers describe the technique, which they call stealth memory injection, in a &lt;a href="https://arxiv.org/abs/2607.05189v1"&gt;paper posted to arXiv on 6 July 2026&lt;/a&gt;, titled &amp;ldquo;When Claws Remember but Do Not Tell.&amp;rdquo; They built a tool called MemGhost that generates the attack emails, and a benchmark called WhisperBench to measure how often it succeeds. The findings are relevant to teams, and individuals, considering agentic assistants in a production or private environment.&lt;/p&gt;</description></item><item><title>Vulnerability Exploitation Is Moving Faster. What the 2026 Time-to-Exploit Data Shows</title><link>https://jorgelaurel.com/writing/vulnerability-exploitation-is-moving-faster-what-the-2026-time-to-exploit-data-s/</link><pubDate>Fri, 26 Jun 2026 16:46:24 +0000</pubDate><guid>https://jorgelaurel.com/writing/vulnerability-exploitation-is-moving-faster-what-the-2026-time-to-exploit-data-s/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/9ff786bcd88babc4.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Average time from vulnerability disclosure to working exploit has dropped from roughly 125 days in early 2025 to under a day by April 2026, across an analysis of approximately 69,000 CVEs. Some vulnerabilities are now exploited before patch advisories are published. The assumptions most patch management processes were built on may no longer hold.&lt;/p&gt;
&lt;p&gt;For most of the last two decades, vulnerability management rested on a quiet assumption: between the moment a flaw became public and the moment an attacker could use it at scale, defenders had a usable buffer. Days, often weeks. Enough time to test, stage, and deploy a patch or patches. A lot of process was built on top of that buffer.&lt;/p&gt;</description></item><item><title>The AI Agents Already Inside Your Network May Not Show Up in Your Data Loss Prevention</title><link>https://jorgelaurel.com/writing/the-ai-agents-already-inside-your-network-may-not-show-up-in-your-data-loss-prev/</link><pubDate>Sun, 21 Jun 2026 15:03:12 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-ai-agents-already-inside-your-network-may-not-show-up-in-your-data-loss-prev/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/9b78e6719d186c9c.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Research shows that three things changed in enterprise security this year, and defenders may not be aware, and may be still measuring the old problem.&lt;/p&gt;
&lt;p&gt;The old problem was employees pasting sensitive text into a chatbot. That was a data handling issue. Annoying but visible enough once you went looking. The current problem is different in kind. Autonomous agents can now hold enterprise credentials, call internal tools, and act on instructions they read from data they were never meant to trust. They do this through the same APIs and natural language interfaces sanctioned tools use. To a Data Loss Prevention (DLP) system, none of it looks like malicious exfiltration.&lt;/p&gt;</description></item><item><title>The Code Looks Fine. That's the Problem.</title><link>https://jorgelaurel.com/writing/the-code-looks-fine-that-s-the-problem/</link><pubDate>Thu, 04 Jun 2026 08:15:24 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-code-looks-fine-that-s-the-problem/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/4fa23481c605b74b.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;There is a version of this story that sounds like hype. Chinese AI models are secretly inserting backdoors into American software. Hackers are hiding in your IDE. The threat is invisible and everywhere.&lt;/p&gt;
&lt;p&gt;That version is wrong, and it is worth saying so clearly. Booz Allen Hamilton, which published this research in May 2026, does not claim intentional sabotage. The report is careful about that. What it does claim, backed by more than 2,800 test trials across five frontier models, is something more unsettling in its own way.&lt;/p&gt;</description></item><item><title>Why the Chips, Power, and Data Centers Behind AI Can't Keep Up</title><link>https://jorgelaurel.com/writing/why-the-chips-power-and-data-centers-behind-ai-can-t-keep-up/</link><pubDate>Sat, 16 May 2026 12:49:47 +0000</pubDate><guid>https://jorgelaurel.com/writing/why-the-chips-power-and-data-centers-behind-ai-can-t-keep-up/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/ab18d0c620457a35.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;In late March, heavy Claude users started posting screenshots of something very odd, their five hour usage limits were running out in twenty minutes. Anthropic blamed peak hour demand and blocked third party tools from using its flat rate plans. OpenAI quietly shut down its Sora video platform around the same time as its Codex tool surged past four million developers per week. What looked like routine product decisions were actually the first visible signs of an infrastructure problem that is only going to get harder to solve.&lt;/p&gt;</description></item><item><title>The Cost of AI: Tokens</title><link>https://jorgelaurel.com/writing/the-cost-of-ai-tokens/</link><pubDate>Wed, 06 May 2026 20:19:30 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-cost-of-ai-tokens/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/6b32fd06698e84d8.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Several patterns emerged from the past six months of enterprise AI spending. First, token prices dropped sharply. Second, companies spent more money anyway. Third, executives started celebrating engineers who burned through the most tokens. The gap between those three facts reveals something important about how AI costs actually work.&lt;br&gt;
&lt;br&gt;
The numbers are straightforward. Per-token inference costs fell roughly 75% year-over-year according to enterprise spending data from Ramp. Epoch AI research suggests the decline approaches 200x annually when accounting for both pricing and efficiency gains. Competition among model providers, open-weight alternatives, and hardware improvements all pushed prices down. The collapse is real and significant.&lt;br&gt;
&lt;br&gt;
But total AI spending moved in the opposite direction. Organizations spent an average of $1.2 million on AI-native applications in 2025, more than double the prior year, according to Zylo&amp;rsquo;s 2026 SaaS Management Index. Nearly 80% of IT leaders reported unexpected charges tied to consumption-based AI pricing. The bill went up even as the unit cost went down.&lt;br&gt;
&lt;br&gt;
The disconnect stems from how consumption patterns changed. Databricks CEO Ali Ghodsi singled out an engineer who spent over $7,000 in tokens during a two-week period in January. The company held a meeting where everyone applauded. Meta CTO Andrew Bosworth called token spending &amp;ldquo;easy money&amp;rdquo; with &amp;ldquo;no limit.&amp;rdquo; The term &amp;ldquo;tokenmaxxing&amp;rdquo; emerged to describe maximizing token usage as a productivity metric.&lt;br&gt;
&lt;br&gt;
Token pricing varies widely. Basic tasks on cheaper models can cost a few cents per million tokens. Complex computations on premium models run from $20 to over $100 per million tokens. Anthropic charges $25 per million output tokens for Claude Opus 4.6. Those are list prices. Actual costs depend on utilization rates, which rarely hit 100%. At 30% utilization, base inference costs on an H100 GPU jump from $0.0038 per million tokens to roughly $0.013. At 10% utilization, the cost reaches $0.038.&lt;br&gt;
&lt;br&gt;
The pricing structure creates a paradox. Falling per-token costs make AI seem cheaper, which encourages higher consumption. That higher consumption often cancels out the savings and pushes total costs higher. Appfigures data showed that image model releases drove 6.5x more downloads than traditional model updates. ChatGPT added 12 million incremental installs in the 28 days after introducing its GPT-4o image model. More usage means more tokens processed, which means larger bills regardless of unit price.&lt;br&gt;
&lt;br&gt;
Infrastructure constraints are starting to appear. Anthropic cut off millions of users from OpenClaw after it overwhelmed their systems. The company shifted to pay-as-you-go billing instead of open-ended usage limits. Capacity is finite, and providers are prioritizing customers who pay per token over those on flat subscriptions. Gartner analyst Will Sommer told The Verge that AI companies would need close to $2 trillion in annual revenue by the end of the decade to cover infrastructure costs. Current pricing models do not support that math.&lt;br&gt;
&lt;br&gt;
The operational costs extend beyond token prices. Semantic caching, prompt compression, and utilization optimization can reduce token consumption by 40% to 60%, but those require engineering resources. Data preparation and cleaning add another layer of expense. RAG systems need structured data, which means dedicated engineering work before the first query runs. Then there are MLOps costs, monitoring infrastructure, and the labor required to manage prompt injection attacks and model degradation.&lt;br&gt;
&lt;br&gt;
Stanford HAI&amp;rsquo;s 2026 AI Index Report noted that US private AI investment reached $285.9 billion in 2025. AI data center power capacity hit 29.6 gigawatts, comparable to New York state at peak demand. Annual GPT-4o inference water use may exceed the drinking water needs of 12 million people. Those environmental and infrastructure pressures will eventually flow through to pricing.&lt;br&gt;
&lt;br&gt;
The current moment resembles the early cloud computing era when per-instance pricing dropped while total cloud spending climbed. The difference is that AI consumption scales faster and less predictably than traditional compute. A viral feature or unexpected usage pattern can multiply costs overnight. Organizations are discovering that cheaper tokens do not mean cheaper AI, just more consumption at lower unit economics until the bill arrives.&lt;br&gt;
&lt;br&gt;
Sources:\&lt;/p&gt;</description></item><item><title>Part 5: The Future is Collaborative</title><link>https://jorgelaurel.com/writing/part-5-the-future-is-collaborative/</link><pubDate>Fri, 13 Jun 2025 19:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/part-5-the-future-is-collaborative/</guid><description>&lt;h3 id="day-5-of-a-5-part-series-what-i-learned-about-building-the-future"&gt;Day 5 of a 5-part series: What I Learned About Building the Future&lt;/h3&gt;
&lt;hr&gt;
&lt;p&gt;Missed an installment in the series? Here is &lt;a href="https://www.linkedin.com/pulse/part-1-spark-when-vision-meets-digital-reality-jorge-laurel-kwafe/"&gt;Part 1&lt;/a&gt;, &lt;a href="https://www.linkedin.com/pulse/part-2-code-coffee-course-corrections-jorge-laurel-spnie/"&gt;Part 2&lt;/a&gt;, &lt;a href="https://www.linkedin.com/pulse/part-3-fort-knox-newsletters-jorge-laurel-nxehe/"&gt;Part 3&lt;/a&gt;, and &lt;a href="https://www.linkedin.com/pulse/part-4-launch-day-lessons-followed-jorge-laurel-51fae/"&gt;Part 4&lt;/a&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Here we are, five days and one complete development journey later. What started as a simple idea—building a better newsletter platform—turned into something much more significant: a glimpse into the future of how humans and AI can work together to create things that neither could build alone.&lt;/p&gt;</description></item><item><title>Part 4: Launch Day and the Lessons That Followed</title><link>https://jorgelaurel.com/writing/part-4-launch-day-and-the-lessons-that-followed/</link><pubDate>Thu, 12 Jun 2025 18:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/part-4-launch-day-and-the-lessons-that-followed/</guid><description>&lt;h3 id="day-4-of-a-5-part-series-when-theory-meets-reality"&gt;Day 4 of a 5-part series: When Theory Meets Reality&lt;/h3&gt;
&lt;hr&gt;
&lt;p&gt;Missed a part of the series? Here is &lt;a href="https://www.linkedin.com/pulse/part-1-spark-when-vision-meets-digital-reality-jorge-laurel-kwafe/"&gt;Part 1&lt;/a&gt;, &lt;a href="https://www.linkedin.com/pulse/part-2-code-coffee-course-corrections-jorge-laurel-spnie/"&gt;Part 2&lt;/a&gt;, and &lt;a href="https://www.linkedin.com/pulse/part-3-fort-knox-newsletters-jorge-laurel-nxehe/?trackingId=FgGpg2VvT%2FeMi7RLTdTG%2BA%3D%3D"&gt;Part 3&lt;/a&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;You know that feeling when you&amp;rsquo;ve spent weeks, or just one, building something amazing, everything looks perfect in your development environment, security tests are all green, and you&amp;rsquo;re finally ready to show the world your creation?&lt;/p&gt;
&lt;p&gt;And then you launch it, and the first user tries to do something completely logical that you never thought of, and suddenly you&amp;rsquo;re questioning every life choice that led to this moment?&lt;/p&gt;</description></item><item><title>Part 3: Fort Knox for Newsletters</title><link>https://jorgelaurel.com/writing/part-3-fort-knox-for-newsletters/</link><pubDate>Wed, 11 Jun 2025 18:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/part-3-fort-knox-for-newsletters/</guid><description>&lt;h3 id="day-3-of-a-5-part-series-building-security-into-every-layer"&gt;Day 3 of a 5-part series: Building Security Into Every Layer&lt;/h3&gt;
&lt;hr&gt;
&lt;p&gt;If you missed them, here are &lt;a href="https://www.linkedin.com/pulse/part-1-spark-when-vision-meets-digital-reality-jorge-laurel-kwafe/?trackingId=zWfRq74F29aEW2L2B12ZwQ%3D%3D"&gt;Part 1&lt;/a&gt; and &lt;a href="https://www.linkedin.com/pulse/part-2-code-coffee-course-corrections-jorge-laurel-spnie/?trackingId=kztvqQz8SPCZ7Kni%2FnpGBw%3D%3D"&gt;Part 2&lt;/a&gt; of the series&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Pop quiz: What&amp;rsquo;s the difference between a cybersecurity professional building a web app and a regular developer building a web app?&lt;/p&gt;
&lt;p&gt;The cybersecurity professional assumes everything will be attacked, probably by someone smarter than them, definitely by someone with more time, and absolutely by someone who&amp;rsquo;s already figured out three ways to break the system before it&amp;rsquo;s even deployed.&lt;/p&gt;</description></item><item><title>Part 2: Code, Coffee, and Course Corrections</title><link>https://jorgelaurel.com/writing/part-2-code-coffee-and-course-corrections/</link><pubDate>Tue, 10 Jun 2025 18:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/part-2-code-coffee-and-course-corrections/</guid><description>&lt;h3 id="day-2-of-a-5-part-series-the-development-sprint-that-changed-everything"&gt;Day 2 of a 5-part series: The Development Sprint That Changed Everything&lt;/h3&gt;
&lt;hr&gt;
&lt;p&gt;&lt;em&gt;&lt;strong&gt;Did you miss Part 1? It&amp;rsquo;s available&lt;/strong&gt;&lt;/em&gt; &lt;a href="https://www.linkedin.com/pulse/part-1-spark-when-vision-meets-digital-reality-jorge-laurel-kwafe/?trackingId=n%2FOm39QKSM00K0m7Tawnwg%3D%3D"&gt;&lt;em&gt;&lt;strong&gt;here&lt;/strong&gt;&lt;/em&gt;&lt;/a&gt;&lt;em&gt;&lt;strong&gt;.&lt;/strong&gt;&lt;/em&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Remember those ambitious PRD dreams from Part 1? Well, reality has a funny way of keeping your feet on the ground—even when you&amp;rsquo;re moving at AI speed.&lt;/p&gt;
&lt;p&gt;What followed my planning phase was one of the most intense and educational weeks of development I&amp;rsquo;ve ever experienced (OK, my firs actually). Not because of long coding sessions (thank you, AI Agent), but because of how rapidly I could test ideas, hit walls, pivot, and try again.&lt;/p&gt;</description></item><item><title>Part 1: The Spark - When Vision Meets Digital Reality</title><link>https://jorgelaurel.com/writing/part-1-the-spark-when-vision-meets-digital-reality/</link><pubDate>Mon, 09 Jun 2025 18:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/part-1-the-spark-when-vision-meets-digital-reality/</guid><description>&lt;h3 id="day-1-of-a-5-part-series-from-idea-to-launch"&gt;Day 1 of a 5-part series: From Idea to Launch&lt;/h3&gt;
&lt;hr&gt;
&lt;p&gt;Have you ever had one of those moments where you&amp;rsquo;re staring at your weekly routine and think, &amp;ldquo;There&amp;rsquo;s got to be a better way to do this&amp;rdquo;? That&amp;rsquo;s exactly what happened to me with my Friday Wrap Up newsletter.&lt;/p&gt;
&lt;p&gt;For months, I&amp;rsquo;d been manually crafting my cybersecurity newsletters, juggling Google Docs, Feedly, Zapier, and Make. Although I had semi-perfected my process I wanted to find a way to expand beyond LinkedIn and Substack and see what potentials were possible outisde of these two platforms. As someone who preaches about efficiency in cybersecurity operations, I was ironically running my own newsletter like it was 2010.&lt;/p&gt;</description></item><item><title>Strengthening Cybersecurity: The Power of Public/Private Partnerships</title><link>https://jorgelaurel.com/writing/strengthening-cybersecurity-the-power-of-public-private-partnerships/</link><pubDate>Sat, 03 May 2025 14:52:39 +0000</pubDate><guid>https://jorgelaurel.com/writing/strengthening-cybersecurity-the-power-of-public-private-partnerships/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/fc4b6f19f20d1361.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Cybersecurity threats don&amp;rsquo;t respect boundaries—so why should our solutions?&lt;/p&gt;
&lt;p&gt;When protecting critical infrastructure—such as power grids, transportation networks, healthcare systems, water supplies, and financial institutions—no single organization can tackle the challenge alone. This makes public-private partnerships not just beneficial, but absolutely essential for safeguarding our societies.&lt;/p&gt;
&lt;h3 id="why-are-partnerships-necessary"&gt;&lt;strong&gt;Why Are Partnerships Necessary?&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;Government agencies bring authority, resources, and oversight to set regulations, establish security standards, and coordinate broad responses. However, it&amp;rsquo;s the government and agencies and departments often face bureaucratic delays that slow implementation. Meanwhile, private companies can be more agile and innovative, quickly adopting advanced technologies. But without the legal authority or network reach of public entities, their efforts can struggle to scale up nationwide or across borders.&lt;/p&gt;</description></item><item><title>Did you really read the Terms of Service before installing that app?</title><link>https://jorgelaurel.com/writing/did-you-really-read-the-terms-of-service-before-installing-that-app/</link><pubDate>Thu, 01 Aug 2024 14:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/did-you-really-read-the-terms-of-service-before-installing-that-app/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/5b88bda33352ddfa.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;In the digital age, social media apps have become an integral part of daily life, offering connectivity, entertainment, and a platform for self-expression. However, the convenience of these apps comes with significant cybersecurity risks. While &lt;strong&gt;ALL&lt;/strong&gt; social media platforms, or any app that you install, pose some level of risk, these dangers are heightened when the company that created the app is based in a country that can compel it to hand over user data.&lt;/p&gt;</description></item><item><title>Defense Industrial Base Cybersecurity Strategy for 2024-2027: An Overview</title><link>https://jorgelaurel.com/writing/defense-industrial-base-cybersecurity-strategy-for-2024-2027-an-overview/</link><pubDate>Sun, 31 Mar 2024 20:57:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/defense-industrial-base-cybersecurity-strategy-for-2024-2027-an-overview/</guid><description>&lt;p&gt;The Department of Defense (DoD) has unveiled its ambitious &lt;a href="https://media.defense.gov/2024/Mar/28/2003424523/-1/-1/1/DOD_DOB_CS_STRATEGY_DSD_SIGNED_20240325.PDF"&gt;Defense Industrial Base (DIB) Cybersecurity Strategy for Fiscal Years 2024-2027&lt;/a&gt;. This forward-looking strategy lays out a detailed roadmap to strengthen cybersecurity and cyber resiliency within the DIB, aligning closely with overarching national defense and cybersecurity strategies. At the heart of this strategy is a multilayered approach to enhancing governance structures, boosting cybersecurity postures, ensuring the preservation of critical capabilities in cyber-contested environments, and fostering improved collaboration across the DIB.&lt;/p&gt;</description></item><item><title>Beyond the Perimeter: Advancing Zero Trust Maturity with Network and Environment Strategies</title><link>https://jorgelaurel.com/writing/beyond-the-perimeter-advancing-zero-trust-maturity-with-network-and-environment-/</link><pubDate>Sun, 10 Mar 2024 15:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/beyond-the-perimeter-advancing-zero-trust-maturity-with-network-and-environment-/</guid><description>&lt;p&gt;On 5 March 2024, the National Security Agency (NSA) issued a Cybersecurity Information Sheet (CSI) titled “&lt;a href="https://media.defense.gov/2024/Mar/05/2003405462/-1/-1/0/CSI-ZERO-TRUST-NETWORK-ENVIRONMENT-PILLAR.PDF"&gt;&lt;em&gt;Advancing Zero Trust Maturity Throughout the Network and Environment Pillar&lt;/em&gt;&lt;/a&gt;” aimed at enhancing network defenses by restricting adversaries&amp;rsquo; lateral movements. It emphasizes the necessity of adopting a Zero Trust framework, which includes rigorous internal network controls and segmentation to prevent unauthorized access to critical data and systems.&lt;/p&gt;
&lt;p&gt;NSA Cybersecurity Director Rob Joyce highlighted the importance of recognizing internal threats and actively countering potential breaches by stating “Organizations need to operate with a mindset that threats exist within the boundaries of their systems. This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”&lt;/p&gt;</description></item><item><title>The start of my 'Friday Wrap Up' newsletter</title><link>https://jorgelaurel.com/writing/the-start-of-my-friday-wrap-up-newsletter/</link><pubDate>Mon, 26 Feb 2024 16:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-start-of-my-friday-wrap-up-newsletter/</guid><description>&lt;hr&gt;
&lt;p&gt;Each Friday, I will post here on LinkedIn through this newsletter, a recap of cybersecurity and technology news stories from the previous week.&lt;/p&gt;
&lt;p&gt;In case you missed it, I posted my first &amp;ldquo;Friday Wrap Up&amp;rdquo; as a &lt;a href="https://www.linkedin.com/feed/update/urn:li:activity:7166908292001173504/"&gt;post on Friday, 23 February&lt;/a&gt;. That post is an example of what you&amp;rsquo;ll find in this newsletter starting Friday, 1 March..&lt;/p&gt;
&lt;p&gt;Why this weekly newsletter, you ask? Because we&amp;rsquo;re all busy professionals. Time is a luxury, and sifting through endless news feeds isn&amp;rsquo;t the best use of it. Staying updated can often feel like trying to drink from a firehose. There&amp;rsquo;s a deluge of news, insights, and breakthroughs pouring in daily, making it challenging to catch every ripple and wave.&lt;/p&gt;</description></item><item><title>Small Targets, Big Impact: Why Securing SMBs is Critical for National Security</title><link>https://jorgelaurel.com/writing/small-targets-big-impact-why-securing-smbs-is-critical-for-national-security/</link><pubDate>Sun, 18 Feb 2024 15:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/small-targets-big-impact-why-securing-smbs-is-critical-for-national-security/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/9bd5438aea9de1a0.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;As digital transformation reshapes the economy, safeguarding critical infrastructure has become vital. Critical infrastructure refers to systems essential for societal and economic operations, now frequently targeted by cyber threats. Adversaries recognize the strategic value of critical infrastructure and exploit vulnerabilities to disrupt services, steal sensitive data, or cause chaos.&lt;/p&gt;
&lt;p&gt;Despite their size, the role of small to medium-sized businesses (SMBs) in protecting this infrastructure is often underestimated yet it is critical in the broader strategy to defend against these threats. SMBs are key players in this defense against state actors, cybercriminals, and activists. Recognizing and enhancing SMBs&amp;rsquo; role is fundamental to a comprehensive defense of our interconnected digital landscape.&lt;/p&gt;</description></item><item><title>Fortifying Critical Infrastructure: The Open-Source Software Security Imperative</title><link>https://jorgelaurel.com/writing/fortifying-critical-infrastructure-the-open-source-software-security-imperative/</link><pubDate>Sun, 04 Feb 2024 15:00:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/fortifying-critical-infrastructure-the-open-source-software-security-imperative/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/df6bc4cf441edb38.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;In our digital age, securing critical infrastructure must be THE key focus, given its foundational role in national security, economic stability, and public safety. For the past several months my team and I have been involved with the Open-Source Software Security Initiative (OS3I). The OS3I convenes Federal agencies and considers input from the open-source software community, civil society, and private sector stakeholders across the open-source software landscape to deliver policy solutions to secure and defend the open-source software ecosystem. This initiative underscores a collaborative effort to fortify the backbone of our society against escalating cyber threats, leveraging the collective expertise and innovation inherent in the open-source community to ensure a resilient and secure infrastructure for the future.&lt;/p&gt;</description></item><item><title>What is Decentralized Physical Infrastructure (DePIN)?</title><link>https://jorgelaurel.com/writing/what-is-decentralized-physical-infrastructure-depin/</link><pubDate>Sun, 21 Jan 2024 21:37:00 +0000</pubDate><guid>https://jorgelaurel.com/writing/what-is-decentralized-physical-infrastructure-depin/</guid><description>&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;Imagine a world where critical infrastructure, like power grids and communication networks, are not controlled by governments or corporations, but by a web of interconnected individuals and communities.&lt;/strong&gt; This is the vision of Decentralized Physical Infrastructure (DePIN), a concept that is trying to reshape how we build, maintain, and secure the systems that underpin our modern lives. As a cybersecurity professional involved with public/private critical infrastructure, I find DePIN very interesting and also very concerning. In this article, I&amp;rsquo;ll attempt to describe the world of DePIN, exploring its potential while examining the security challenges it presents.&lt;/p&gt;</description></item></channel></rss>