On November 24, 2025, President Trump signed an Executive Order, Launching the Genesis Mission, which establishes a national effort to use artificial intelligence to accelerate scientific discovery and strengthen U.S. capabilities in key technology domains. Substantively, it places AI where nuclear technology sat during the Cold War: at the center of long-term strategic competition. The
Latest from Business Cyber Risk
EDPS Refines Generative AI Guidelines: A Blueprint for Lawful Innovation in the EU
October 29, 2025 — In a significant move toward harmonizing artificial intelligence with data protection principles, the European Data Protection Supervisor (EDPS) has released updated guidelines aimed at ensuring the lawful use of generative AI across EU institutions. These revisions come at a time when AI technologies are rapidly evolving, and regulatory clarity is more
🎙 Podcast Feature: Defenders in Lab Coats | The Legal (+Cyber) POV Playbook
I recently had the pleasure of joining Reanna Schultz on the Defenders in Lab Coats podcast (Season 2, Episode 16) to discuss my book, The GC + CISO Connection: Uniting the Defenders of the Organization (link).
In this episode, we dive into how legal and security leaders can better align to address today’s
Texas Developer Sentenced to 4 Years for “Kill Switch” Cyberattack on Former Employer
A Texas-based software developer has been sentenced to four years in federal prison for deploying a “kill switch” that crippled his former employer’s network. Davis Lu, 55, a former Eaton Corp. software developer, was convicted in March 2025 after prosecutors revealed a calculated campaign of digital sabotage.
The trouble began after a 2018 corporate reorganization
Trick or Treating, Cyber Villains, and Coffee: My Time on Counsel Brew
I recently had the pleasure of joining Shereen El Domeiri and Nicola Hobeiche on their fantastic podcast, Counsel Brew, for Episode 36: “Trick or Treat – Shawn Tuma.” Let me tell you—it was an absolute blast!
From the moment we hit record, it felt like catching up with old friends over a strong French roast.
Privilege Requires Precision: Sixth Circuit’s Reminder for Internal Investigations
In a recent decision, the Sixth Circuit offered a timely reminder for legal teams conducting internal investigations: attorney-client privilege is powerful—but only when used with precision.
In In re FirstEnergy Corp., No. 24-3654, 2025 WL 1234567 (6th Cir. Aug. 7, 2025), the court examined whether FirstEnergy could shield communications related to its internal investigation into alleged misconduct.
MEMO TO: “The IT Guy” – It is a Crime to Sabotage Your Company’s Network on Your Way Out the Door!
A former First Republic Bank employee [cloud engineer] who sabotaged the company’s computer network after being fired for accessing pornography on a work computer has lost an appeal challenging his conviction and nearly $530,000 in restitution.* * *Brody was indicted in the U.S. District Court for the Northern District of California and ultimately pleaded guilty
***URGENT*** MEMO TO: “The IT Guy” Re T/A Negotiations After Ransomware Attack
Here’s a pro tip for “The IT Guy” or MSP whose customer has just been hit with ransomware, when it was their responsibility to protect against it:
No matter how strongly you may feel about this issue, when your client is contemplating possibly paying the ransom to get their network recovered (and, save themselves from
The Importance of GC+CISO Relationships in Cybersecurity (a New Project)
In early June 2024, my friend David Malicoat graciously invited me to be a guest on The Professional CISO Show and, while I was incredibly honored, I was a bit hesitant as well. I had just begun working on a concept (partially inspired by my friend Dena DeNooyer Stroh, most immediately, but also by
Texas Attorney General Issues Consumer Alert Warning Texans of Potential Scams Following Nationwide CrowdStrike Outage
AUSTIN – Texas Attorney General Ken Paxton warned Texans of potential scams following the widespread CrowdStrike service outage.
Texans should be aware that bad actors can use cybersecurity incidents to take advantage of consumers. By following certain steps, the public can significantly decrease their likelihood of falling prey to a scam that could compromise personal