Category Archives: Business

Modern office building with digital graphic illustrating secure data, verified access, and network integrity
AI, Business

Bridging the Cybersecurity Gap for SMBs

I recently joined the MSP 1337 podcast with Chris Johnson to talk about something I’ve been thinking about for years:

Small and midsize businesses are being asked to operate with enterprise-level security expectations — without enterprise-level resources.

That gap is becoming impossible to ignore.
And AI is accelerating both sides of the problem.

Attackers are moving faster.
Infrastructure is becoming noisier.
Compliance requirements are multiplying.
Meanwhile, SMBs and MSPs are still expected to somehow manage everything with limited staff, fragmented tools, and endless alerts.

That model is cracking.

Btw, you can listen to it here:
Apple Podcasts
– Spotify

Continue reading
Standard
Home office devices protected by a glowing digital shield blocking cyber attacks
AI, Business

Ransomware Risks: Why SMBs Need AI Security Now

Last week I was staring at my EnduraCoach dashboard, watching it yell at me for sneaking in an extra sprint session that my body wasn’t ready for. The AI caught the overtraining pattern across heart-rate, sleep, and power data and shut it down before I wrecked my Ironman build. That same evening the April ransomware numbers landed. SMBs got hammered again. And I thought: if only every founder had an always-on coach like this for their security stack.

Here’s the uncomfortable truth from April 2026: ransomware didn’t slow down—it accelerated. A new player called JanaWare quietly encrypted files for hundreds of Turkish home users and small businesses through targeted phishing campaigns. Low-dollar demands ($200–$400) but high volume. Attackers are learning that SMBs are softer targets and faster payers.

The broader picture is uglier.
Verizon’s 2025 DBIR (still the gold standard) showed 88% of ransomware breaches hit SMBs versus just 39% for enterprises. Unpatched vulnerabilities caused 29% of incidents; stolen credentials another 30%.
Sophos and Black Kite reports confirm SMBs in the $4M–$8M revenue band are now the sweet spot for attackers.

Most of us simply don’t have a 24/7 SOC or the headcount to patch, triage, and remediate at machine speed.

Continue reading
Standard
Tall tower made of stacked coins with cracks and falling coins, city buildings and dark storm clouds in the background
Business

Key Lessons from Sorkin’s ‘1929: The Wall Street Crash’

Andrew Ross Sorkin’s book “1929: Inside the Greatest Crash in Wall Street History—and How It Shattered a Nation” (published in 2025) provides a forensic, narrative-driven account of the most famous market collapse in history.
Sorkin, who also wrote the 2008 crisis definitive history Too Big to Fail, focuses on the human psychology, hubris, and technical failures that turned a speculative boom into a generational disaster.

Here are the top 20 takeaways from the book, followed by specific lessons for you as a long-term investor.

1. Euphoria is the market’s most dangerous condition
Pessimism had gone out of fashion by the 1920s. Government commissions, governors, and economists all declared boom-and-bust cycles relics of a vanished age — it was a fatal illusion. When everyone agrees the good times will last forever, that’s when risk is highest.

Continue reading
Standard
Business

Effortless Techmeme Summaries to Slack and Telegram

Every morning starts the same way: open Techmeme, scan headlines, open too many tabs, and somehow end up 20 minutes deep into something you didn’t mean to read.

That loop is the problem. Instead of trying to “summarize the internet” or build another bloated AI dashboard, this project does something much simpler: take a strong source, rank and summarize it, and deliver a clean digest to Slack or Telegram.

That’s it—and that’s why it works.

Continue reading
Standard
AI, Business

Why SMBs Struggle with Cybersecurity: The Real Challenges

I recently had a conversation on The Changelog, and it reinforced something I’ve seen over and over again:

SMB cybersecurity isn’t just hard — it’s structurally broken.

Not because people don’t care.
Not because tools don’t exist.
Because the entire model assumes resources that SMBs simply don’t have.

The uncomfortable truth

Security today is designed for enterprises and downsized for everyone else.
That doesn’t work.
Enterprise model:

  • Dedicated security teams
  • Time to triage alerts
  • Budget to stack tools

SMB reality:

  • One DevOps person wearing five hats
  • Compliance pressure (SOC 2, ISO 27001, CMMC…)
  • A pile of tools that don’t talk to each other

So what happens?

They install more tools…generate more alerts…and end up less certain about their security posture.
That’s the paradox.

Continue reading
Standard
Animated coffee cup with a spoon glowing magical shield against dark fiery monsters
AI, Business

SMB Cybersecurity Is Broken — Here’s What We’re Doing About It

SMB cybersecurity is a mess. Yes – It’s 2026 and it’s broken. Big time.

Too many tools.
Too many dashboards.
Too many alerts that nobody has time—or context—to act on.

And the result?
A false sense of security.

You can have RMM, MDM, EDR, SIEM, compliance tools… and still be exposed. Not because the tools are bad—but because the system is unworkable for the people actually running it.

Most small and mid-sized businesses don’t have a SOC.
They don’t have a dedicated security team.
They don’t have time to interpret 300 alerts a day.

What they have is:

  • An overstretched IT person (or MSP or the owner that is busy with 127 other things that are all urgent)
  • A growing attack surface
  • And a stack of tools that don’t talk to each other

That’s the real gap.

A Quick Look

We recently shared a glimpse of what we’re building here:

Continue reading
Standard
Fiery streams of data converting into a green neural network grid
Business, AI

Using LLMs to Find Security Bugs: A Practitioner’s Playbook

TL;DR

LLMs won’t replace AppSec.
They will dramatically compress the search space.

If you use them right:

  • Run multi-model analysis (Opus + GPT + Gemini)
  • Structure prompts around attack surfaces, not “find bugs”
  • Require PoCs or tests for validation
  • Trust only cross-model consensus or reproducible exploits

If you don’t do this, you’ll drown in false positives.

Security research has always been asymmetric.
Attackers need one bug; defenders need zero.
Historically, scale worked against defenders.

LLMs start to rebalance that—not by magically finding zero-days, but by acting as a fast, always-on analyst that can:

  • Read entire subsystems in seconds
  • Connect logic across files
  • Generate realistic attack paths

Used correctly, they don’t replace expertise—they let you spend it where it matters.
Used incorrectly, they produce confident nonsense.
This is a practitioner’s workflow that actually works.

Continue reading
Standard
AI, Business

Your Startup Is Not a Marathon — It’s a Series of Hard Sprints

For years, founders have been fed the same comforting story:

“Building a startup is a marathon, not a sprint.”

It sounds wise. Mature. Sustainable.
It’s also mostly wrong.

If you’ve actually built something from zero—raised money, shipped under pressure, stared at a flat growth chart at 2am—you know the truth:

Startups don’t feel like marathons. They feel like repeated, borderline irresponsible sprints… with no clear finish line.

The Marathon Myth Is Attractive

Marathons are predictable.
You train. You pace. You fuel. You suffer…
but in a controlled, linear way.
If you’ve done the work (in most cases), you’ll finish.

Startups?
Completely different game.

  • You can do everything “right” and still fail
  • Effort doesn’t map cleanly to outcome
  • The terrain changes mid-race
  • Someone can move the finish line—or delete it entirely

Calling it a marathon gives founders a false sense of control.
It suggests that if you just keep going steadily, things will work out.

They won’t.

Continue reading
Standard
AI, Business

Building Continuous AI Agents with OpenClaw and Ollama

Most people are still using AI like it’s 2023:
prompt → response → done.

That’s not where things are going.
The real shift is toward agents that run continuously and do work for you. And one of the most interesting ways to get there today is:

OpenClaw + Ollama

Before diving in, quick grounding.

What OpenClaw and Ollama Actually Are

OpenClaw is an open-source agent framework.
It’s not a chatbot—it’s a system that can:

  • plan tasks
  • call tools (browser, APIs, files)
  • maintain memory
  • run loops without constant input

Think: a programmable worker, not a Q&A interface.

Ollama is the simplest way to run large language models locally.
It handles:

  • downloading models (Llama, Gemma, etc.)
  • running them efficiently on your machine
  • exposing them via a clean API

Think: Docker for LLMs.

Put them together and you get:

A local, autonomous agent system with zero API costs and full control.

Continue reading
Standard
Transparent-winged butterfly perched on white daisy flower by mossy rocks and flowing forest stream
AI, Business

Claude Mythos: The Future of Autonomous Exploits

This one is different.
Anthropic didn’t just build a better model—they hit a threshold and stopped.
Claude Mythos (Preview) exists, works, and isn’t being released.

Not because it failed.
Because it crossed into territory we’re not ready for.

But before everything… just like in any good story, go and check the other side of it, which basically claim, it’s all (a good) marketing stunt.

The Sandwich Email That Shouldn’t Exist

Anthropic researcher Sam Bowman was sitting in a park, mid-sandwich (or burrito – no one knows for sure), when he got an email… from a model that wasn’t supposed to have internet access.

That model:

  • Was running in a locked, air-gapped container (yes – as crazy as it sounds…)
  • Found a multi-step exploit chain (=using a minor leak to find an address, using a buffer overflow to gain a primitive, using a race condition to escalate)
  • Escaped its sandbox (likely via container/runtime escape + privilege escalation)
  • Reached external network interfaces
  • Contacted him

Then it started sharing the exploit.

Unprompted.

That’s not a jailbreak.
That’s autonomous exploit development + execution.

Continue reading
Standard