Michael Sitler

Maybe this doesn't apply to everyone, but for me this couldn't be more true. When we're healthy: We eat nutritious food. We track what we eat. We measure our progress at the gym. We weigh ourselves every day. When we're unhealthy: We eat nutritious food sometimes. We track what we eat on good days. We go through the motions at the gym. We rarely weigh ourselves. Being healthy requires making intentional effort, measuring progress, and taking ownership of the outcome. When we just go through the motions and avoid measuring our progress because it makes us feel bad, we're likely on a downward slope toward an unhealthy lifestyle and all of the consequences that come with that. This applies to our occupational health as well, especially if we're in a leadership position. If we're not making intentional effort, measuring progress, and taking ownership of the outcome, we'll eventually face the consequences.

Most cybersecurity breaches occur because organizations fail to implement governance, oversight, and accountability for cybersecurity risk. NSPM-12 establishes a new cybersecurity governance framework that requires National Security Systems (NSS) to meet or exceed cybersecurity standards issued by the National Institute of Standards and Technology (NIST). https://t.co/VUiC5fKo71

Collaboration in cybersecurity has never been more critical than it is today, especially for less resourced organizations like state and local governments. We founded Sectri and built our cybersecurity program management platform around that concept. Our Alliance of critical infrastructure customers collaborate with one another and benchmark against each other 24x7x365 on the Sectri Platform and they meet monthly to learn about the latest threats facing their sectors, discuss hot topics, and perform tabletop exercises. If you're interested in potentially joining a cohort of peers in your sector, send me a DM and we'll connect. https://t.co/yG1iOYtigK

One of the most important vulnerability lists to monitor is CISA's Known Exploited Vulnerabilities (KEV) catalog, because it identifies severe vulnerabilities that are being actively exploited in the real world. If you're not already monitoring this list, you can easily sign-up to receive email notifications when new vulnerabilities are added to the catalog. For small IT teams with limited security capabilities, these alerts may provide you with enough time to act before a severe vulnerability is exploited in your organization. https://t.co/UqoY69gWGH

Another school district gets an unplanned long weekend because of a ransomware attack. Unfortunately, it's been a rough start for K-12 in 2026. Ransomware groups are typically opportunistic, meaning they attack the vulnerable rather than going after specific organizations. If districts spend more time strengthening their cyber resilience and minimizing vulnerabilities, they're much less likely to experience the type of outage that requires closure. It's either that or districts may need to start adding a few pre-planned "ransomware days" onto the school calendar each year like they do for "snow days" in the northern US...

"The last 6,000 years reads like this: Opportunity mixed with difficulty." Jim Rohn said that decades ago, but I feel like it's a good reminder in the modern AI era. There's no doubt about it... We're entering a period of uncertainty and difficulty, but there will also be opportunity if we're willing to learn and evolve.