Archive - The Cybersecurity Compass

Current Cybersecurity Operating Models Do Not Operate at the Speed and Acceleration of the Attack Surface in the AI Age

We have spent years arguing about the size of the attack surface.

14 hrs ago • Juan Pablo Castro

Revisiting the Cyber Risk Management Lifecycle (CRML) in the Age of AI

In January 2024, the Cyber Risk Management Lifecycle, the CRML, took shape around a simple problem.

Jun 26 • Juan Pablo Castro

The Future of SOC Is ∞

We say continuous more than almost any other word in cybersecurity.

Jun 21 • Juan Pablo Castro

Rethinking Zero Trust for the Agentic AI Era

For thirty years, Zero Trust meant one disciplined idea.

Jun 9 • Juan Pablo Castro

Six Powers in the Hands of the Adversary: When the AI Agent Becomes the Attacker's Best Hire

The most dangerous question a criminal ever asks is not how to break in.

Jun 8 • Juan Pablo Castro

Defending Agentic Systems: Six Powers Your Defenses Were Never Built to Stop

An AI agent was given a routine task.

Jun 5 • Juan Pablo Castro

May 2026

Cyber Resilience Is Not a Capability. It Is an Outcome

This way of thinking has shaped how I see cyber risk management for years.

May 13 • Juan Pablo Castro

AI Was Built for Velocity, Not for Security.

A Reflection on the Optimization Function Behind Every AI System We Are Now Deploying, and What That Means for Cyber Risk

May 10 • Juan Pablo Castro

April 2026

Cybersecurity: The Infinite Chess Game

Almost everyone has seen a chess game at some point.

Apr 26 • Juan Pablo Castro

It Is Time to Rethink Cyber Risk Quantification (CRQ): The "Right Tail" Conversation Your Board Has Never Had

Every week someone asks me the same question.

Apr 23 • Juan Pablo Castro

Is Your CISO Truly Board-Ready?

Most CISOs want to be part of the board.

Apr 15 • Juan Pablo Castro

The TeamPCP Incident, the European Commission, and Why SOC Alone Is No Longer Enough: The Case for CROC

The TeamPCP campaign, the Trivy supply chain compromise, and the downstream impact on the European Commission should not be understood as isolated…

Apr 5 • Juan Pablo Castro

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts