#qi2-certification

#qi2-certification

A&K Travel Group operates some of the most remote and operationally complex travel experiences in the world, requiring secure, resilient connectivity that performs consistently across continents and environments.

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

I was always a tinkerer, I guess. I grew up in the age where computers were not ubiquitous or common. An experience as a kid was instrumental in how my career happened.

TruRisk is designed to aggregate vulnerability data at the asset level and convert it into a measurable, business-aligned cyber risk score. Rather than evaluating vulnerabilities in isolation, TruRisk calculates a consolidated risk value per asset by helping security teams understand which systems pose the greatest operational and strategic risk.

Azure Governance is the set of policies, processes, and technical controls that ensure your Azure environment is secure, compliant, and well-managed. It provides a structured approach to organizing subscriptions, resources, and management groups, while defining standards for naming, tagging, security, and operational practices.

This extends to the software development community, which is seeing a near-ubiquitous presence of AI-coding assistants as teams face pressures to generate more output in less time. While the huge spike in efficiencies greatly helps them, these teams too often fail to incorporate adequate safety controls and practices into AI deployments. The resulting risks leave their organizations exposed, and developers will struggle to backtrack in tracing and identifying where - and how - a security gap occurred.

I belong to six professional organizations. Or maybe it's 13, 19, 26, or 47. I can't be sure. The ones where I pay dues or volunteer I know well: ASIS International, the Life Safety Alliance, Chartered Security Professionals, and a couple of others. Then come the niche and industry-specific associations like the International Council of Shopping Centers, public-private partnerships such as OSAC and Infragard, and the countless ASIS Communities.

Zero trust is not a thing; it is an idea. It is not a product; it is a concept - it is a destination that has no precise route and may never be reached. But it is described very succinctly: trust nothing until the trust is justified. Justification starts with verifying every subject's identity and authority. This is the single constant in all zero trust journeys: they start with the subject's identity. Zero trust's reliance on identity, and identity's reliance on AI Two questions. Can you have zero trust without effective identity verification? No. Can you have effective identity verification in the age of AI? Maybe, and maybe not.