I thought I’d start with an outstanding book recommendation.
Published this month (January 2026), Locked Up by Zachary Lewis is a must-read for anyone in the information security profession.
Told in the first person, the book walks through Zachary’s real-world experience as a Chief Information Security Officer detecting, responding to, and recovering from a ransomware attack. What sets it apart is the level of practical detail. This isn’t theory or hindsight abstraction — it’s an honest, blow-by-blow account that makes the lessons immediately actionable for your own organization. I only wish there were more sources of actual information such as this. Mad respect for Zachary’s courage and time to publish this book!
There are too many takeaways to list, but a few stood out to me:
Fascinating, real-time communications with the threat actor during ransom negotiations
A thoughtful look at the unique security challenges faced by a university environment
Clear guidance on tying information security objectives directly to business objectives (huge!)
A powerful reminder that incident response is full of noise — and success depends on filtering it to focus on what truly matters
Insightful decisions and outcomes related to public communications during and after the incident
I had the good fortune to meet Zachary last week during a small policy brainstorming session. He is extremely knowledgeable, humble, and personable — exactly what comes through in his writing.
I hope Locked Up benefits you as much as it did me.
Article of the Day — Metrics Metrics Metrics!
This article is a good reminder that we can generate metrics all day long. But the key is metrics that indicate risk.
While the title is for MSPs to have a risk conversation in reviews, the lessons are good for any controls owned by anyone.
One rule of thumb when I evaluate metrics is to see if there are tolerances (eg should I be worried or not?) and then if I’m worried, is there an action to take that will reduce risk?
Now a counter to this …. I admit there is utility to counting large numbers such as attacks blocked at the firewall for “wow” numbers that let others know the threat is alive and our tooling is doing great.
If you enjoy this material, please encourage your friends and colleagues to subscribe to this newsletter at https://signalnotnoise.beehiiv.com/subscribe