Review: Rosebud

Posted in Products with tags on November 19, 2025 by itnerd

I am not a journaling type of person. Likely because I have not seen the need for doing that. But I may change my mind on that after reviewing Rosebud, which is billed as an AI-based “interactive journal and self-care companion”. I’ve been using it for the last couple of weeks to journal my daily experiences and thoughts.

For the most part I have been using the Morning Intention and Evening Reflection to get my thoughts, feelings and experiences into the app. You can also see from the screen shot above a prompt for “What small focus can bring you joy today?” Regardless of the section that you enter your thoughts in, you’re prompted with questions like “What’s your top priority today?” and “What was the highlight of your day?” That helped me get my thoughts into the app more easily. The app will prompt you to go deeper to provide it more detail. And when you’re done, the AI will present its thoughts and insights. This is where I found Rosebud to be really helpful. The AI looked at my first week and found the following insights:

And on top of that, it gave me a look at my wins for the week.

Some of this stuff, specifically that I might benefit from exploring what specifically about my work feels misaligned with my working style, is new to me. It gave me something to think about as maybe my working style isn’t working in my favour.

Now let’s go down the rabbit hole on their AI and your data. Because if you’re typing your thoughts, feelings and experiences into an app, you have to know what is going to happen with all of that. The company’s Privacy Policy does note that it has agreements with OpenAI, Anthropic, and Groq to not store your data, and to not pass along personally identifiable information. That’s good. On top of that, it has BAAs and Zero Data Retention (ZDR) agreements in place, which force those companies to handle data in compliance with HIPAA standards. Which is also good. The rest of the policy doesn’t have anything that jumps out at me as being bad or concerning, other than the fact that the company has not conducted third party security risk assessments, which I found in section 5 under “Security Audits”. If I could give Rosebud a piece of advice from someone who does IT security among other things for a living, you might want to get third parties looking at your setup and report on what they find and how you remedy any concerns that they find, as that will give your users that extra peace of mind. Finally, you can lock down Rosebud using Face ID if you have an iPhone. Meaning that if someone somehow gets physical access to your unlocked iPhone, your private thoughts will stay safe.

Rosebud is free to download. But if you really want the full experience that I had, you can sign up for $12.99 USD a month or $107.99 USD a year. I have to admit that this was an app that was worth it for me to use. And I will continue to use it to see what sort of additional insights about myself that I can gain from it. If you’re looking for the same thing, I say give it a try.

Digital IDs: 50 countries ranked by digital ID requirements and privacy risks

Posted in Commentary with tags on November 19, 2025 by itnerd

More and more, Digital IDs are hailed by governments as a convenient way to prevent identity theft, access key services (e.g., health and social welfare benefits), and create efficient systems. And, as the UK government is hoping to demonstrate, they may also help combat illegal immigration by making digital IDs a mandatory requirement for those seeking work.  

Comparitech researchers have released an in-depth study comparing digital ID requirements and privacy risks across 50 countries, finding that already 37 countries have implemented digital ID schemes. Additionally, 9 more are in the process of creating them.

Additionally, this research comes at the same time that Apple has launched digital IDs for United States passport holders.

Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:

“It goes without saying that digital IDs have their advantages, from providing easy access to online services and streamlining government processes to always having access to your ID wherever you go (so long as you’ve got your phone).

But where digital IDs become a huge cause for concern from a privacy perspective is when they’re introduced as a mandatory requirement (or citizens find it difficult to perform certain tasks without one), they’re used to surveil citizens’ movements and activities, and/or they’re introduced under the guise of providing one solution but soon become needed to access other key services.

For example, Apple’s digital IDs for US passports will no doubt be a hugely convenient service for US citizens and domestic travelers as they’ll eliminate the need to carry a physical passport. And, as it stands, Apple says users’ use of the digital ID won’t be tracked. But, over time, it may be implemented in other sectors and for other services, which may increase the risk of surveillance and what is known as “function creep.” This is also the case with the UK’s proposed BritCard, which will only apply to those seeking work (at first), but will likely expand to include other government services in time.

Ultimately, digital IDs are often introduced as a convenient tool that might not seem to encroach on a user’s privacy too much. But, as more users adopt the ID and more services are added to it, it can quickly become an invasive method of government control. And, once they become mandatory (like the UK’s BritCard), there’s no going back.”

You can read the research here: https://www.comparitech.com/blog/vpn-privacy/digital-ids-study/

CloudSEK Becomes First Active Indian Cybersecurity Firm to Partner with Seed Group, a Company of The Private Office of Sheikh Saeed bin Ahmed Al Maktoum

Posted in Commentary with tags on November 19, 2025 by itnerd

Strengthening the UAE’s cybersecurity ecosystem, Seed Group, a company of The Private Office of Sheikh Saeed bin Ahmed Al Maktoum, has entered into a strategic partnership with CloudSEK, a leading AI-powered cybersecurity firm from India.

With this alliance, CloudSEK becomes part of Seed Group’s ecosystem of global innovators, marking a significant milestone for Indian-origin cybersecurity on the global stage. Founded in 2015 by threat researcher-turned-entrepreneur Rahul Sasi, CloudSEK is a leading AI-powered cyber threat intelligence platform focused on predicting and preventing cyber threats.

A Strategic Alliance for a Resilient Digital Future

Seed Group, recognised for catalysing the success of innovative businesses entering the UAE and GCC markets, will work with cyber threat intelligence firm CloudSEK to empower both public- and private-sector organisations with next-generation cyber risk-management capabilities.

This collaboration brings CloudSEK’s AI-powered Cyber Threat Intelligence technologies to the heart of the Middle East’s digital economy. The platform enables faster detection, contextual analysis, and mitigation of cyber threats before they escalate into incidents, offering a proactive approach to security.

As the UAE cements its position as a global hub for trade and innovation, the demand for advanced cybersecurity has never been higher. Through Seed Group’s deep regional insight and network, CloudSEK will address these needs with solutions that integrate threat intelligence, brand protection, attack-surface monitoring, and supply-chain security into a unified, intelligence-driven platform.

The Middle East cybersecurity market, valued at USD 16.75 billion in 2025, is projected to reach USD 26.04 billion by 2030, growing at a 9.2% CAGR. The region faces escalating threats, with the UAE alone confronting over 200,000 cyberattacks daily—34.9% targeting government entities, 21.3% financial firms, 14% energy sectors, and 11.6% insurance companies. The financial impact is severe: the average data breach cost in the Middle East reached USD 8.75 million in 2024, nearly 10% higher than in 2023, underscoring the urgent need for advanced, predictive cybersecurity solutions like those offered by CloudSEK.

CloudSEK’s approach goes beyond traditional detection and response. By continuously mapping an organisation’s external digital footprint, analysing vast data from open, deep, and dark-web sources, and delivering real-time, actionable intelligence, CloudSEK enables decision-makers to stay ahead of adversaries.

The company’s proprietary AI engine has proven its mettle by identifying and preventing large-scale data breaches for major financial institutions well ahead of an actual attack. By continuously analysing massive volumes of threat data across the digital ecosystem, CloudSEK delivers actionable intelligence across 170 use cases, offering comprehensive solutions in brand monitoring, digital risk protection, attack surface monitoring, and supply chain security. The top cyber threat intelligence cloud provider, CloudSEK, helps major companies around the world spot and address cyber threats to reduce risks to their operations, finances, and reputation.

Its technology helps enterprises and governments across the world mitigate risks, strengthen cyber-resilience, and build digital trust—protecting reputation, revenue, and operations in an era of borderless cyber threats.

A Global Vote of Confidence in Indian Cybersecurity

CloudSEK’s success highlights India’s evolution from a services-led technology hub to a global originator of cybersecurity innovation.

This partnership not only accelerates CloudSEK’s presence in the Middle East but also represents a broader trend: nations and enterprises worldwide are increasingly looking to Indian firms for sophisticated, scalable, and affordable cybersecurity intelligence.

Black Kite announced the release of its AI Agent

Posted in Commentary with tags on November 19, 2025 by itnerd

Black Kite today announced the release of Black Kite AI Agent, a super agent that automatically investigates, assesses, and reports on third-party risk. Black Kite has achieved record growth, with a 5-year Compound Annual Growth Rate (CAGR) of 70%, driven by customer success and satisfaction scores that exceed industry standards. These results are quantitative proof that organizations see Black Kite as an indispensable partner. Building on this momentum, the newly released Black Kite AI Agent empowers security teams to be more effective and automated in managing third-party risk.

Super Agent Investigates, Assesses, and Reports on Third-Party Risk

Black Kite was founded with a mission to give security professionals a complete and accurate view of their cyber ecosystem risk. From the very beginning, AI has played a central role in achieving that mission. The Black Kite AI Agent exposes these advanced AI capabilities directly to customers, enabling security teams to investigate, assess, and report on third-party risk more efficiently. With this new capability, Black Kite continues to set itself apart and lead the future of Third-Party Cyber Risk Management (TPCRM).

Fully embedded across the platform, Black Kite AI Agent enables users to ask questions in the context of any page or use pre-built “Blueprints” to launch deep investigations, generate custom reports, and more. Black Kite AI Agent is powered by a network of sub-agents so that when a user asks a question or uses a Blueprint, the appropriate sub-agents are automatically launched to handle the task.

Key features and benefits include:

  • Deep Investigations: Investigates vendor findings, changes in risk scores, cyber ratings, RSI™, and the impact of breaches on third-party networks.
  • Executive and Board Reporting: Generates custom reports and board communication packages with risk trends, concentration areas, and impact with charts and metrics.
  • Procurement Decision Support: Benchmarks prospective vendors with side-by-side risk scores, RSI™, breach history, and financial impact analysis to support onboarding decisions and contract negotiations. 
  • Navigation Guidance: Provides instant answers, guidance, and navigation tips based on best practices, help articles, and support tickets to maximize platform utilization and value.
  • Build and Scale TPRM: Gives expert TPRM advice to guide in building and scaling a third-party risk management program, such as key processes, team structure, and R&Rs.
  • Vendor Prioritization: Ranks vendors by severity and business impact, analyzing findings, FocusTags™, score changes, RSI™, and more to highlight the most urgent cases for action.
  • Document Q&A: Enables the ability to query vendor documents (e.g., SOC 2 reports, ISO certifications, policies) by asking plain-text questions (e.g., “Do they require MFA?”) to extract control-specific information. 

The Trusted Choice for Third-Party Cyber Risk Intelligence

Black Kite has achieved a 5-year Compound Annual Growth Rate (CAGR) of 70%. Further fueling Black Kite’s momentum, the company surpassed key milestones, including expansion of its leadership team, high customer satisfaction scores that go beyond industry standards, recognition by leading industry analysts, and winning prestigious cybersecurity awards for innovation and excellence.

Key highlights include:

  • Achieved a 5-year Compound Annual Growth Rate (CAGR) of 70%.
  • Achieved record high industry standards in customer satisfaction, including: NPS score of 74-plus; 93% Customer Satisfaction Score (CSAT) for onboarding; and consistently receiving a 100% CSAT in customer support for 12 months with a 96% first call resolution rate.
  • A 100% channel-first organization, Black Kite has a powerful network that includes 300-plus partners. From global resellers and managed services providers to GRC leaders and technology integrators, partners include Aravo, Guidepoint, Optiv, Onspring, Avertium, ServiceNow, LogicGate, CGS CyberDefense, and Carahsoft, to name a few.
  • Black Kite Bridge™, the industry’s first solution enabling customer-vendor collaboration, has built a strong community of thousands of third parties, growing over 100% quarter over quarter.
  • Expanded its leadership with Jack Jones, originator of the industry’s standard risk measurement model known as Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), who joined as Strategic Advisor. Additionally, appointed Jessica Stanford as Chief Marketing Officer (CMO) and David Sauer as Vice President of Strategic Alliances to drive growth, enhance brand positioning, and expand strategic partnerships in the cybersecurity industry. 
  • Recognized as a Sample Vendor in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025, which we feel validates that Black Kite’s focus on evidence-based, quantifiable, and transparent risk intelligence is precisely where industry analysts see the market heading. 

For more information on Black Kite AI Agent, visit https://blackkite.com/ai.

Legacy Tech/Shadow AI Jeopardizes Healthcare

Posted in Commentary with tags on November 19, 2025 by itnerd

A new survey of 1,000+ frontline healthcare professionals has revealed that outdated legacy technology jeopardizes healthcare cybersecurity, with nearly all (98%) of respondents reporting that inefficient technology creates delays or errors in patient care.

You can find more details here: https://www.presidio.com/news/presidios-new-healthcare-ai-report-reveals-industry-is-facing-a-technology-crisis/

Henrique Teixeira, SVP of Strategy at cybersecurity company Saviynt, commented:

“Shadow AI is quickly becoming a bigger danger than shadow IT. Spinning up unsanctioned SaaS apps was already a problem, but AI reaches far more users. Essentially everyone in a hospital or university touches AI tools every day. Many are creating and using AI agents that behave and have permissions similar to employees. Research from Presidio shows that more than 60% of frontline healthcare professionals say their systems are outdated and inefficient, and nearly 90% say their tools don’t meet their needs. Meanwhile, 55% of U.S. healthcare workers are planning to switch jobs in 2026.

“Healthcare is, in my view, one of the most complex identity environments: doctors will continue to switch jobs, and many juggle multiple hospital roles and even patient-identities. Add unmanaged ‘shadow AI agents’ into that mix and the attack surface explodes. Organizations need an identity program that unifies the governance of humans, machines and AI agents because least privilege principles must apply to everyone, and everything. Including our AI coworkers, sanctioned or not.”

This is another example of healthcare getting the short end of the stick, and as a result there are knock-on effects in terms of tech, which in turn affect people who need care. This needs to change. But you knew that already.

Quorum Cyber Strengthens Leadership Team with New Senior Appointments

Posted in Commentary with tags on November 18, 2025 by itnerd

 Quorum Cyber has made a series of appointments to its senior leadership team to meet its strategic goals. 

John Bruce has joined the Microsoft-only company as Chief Information Security Officer (CISO), Mike LaPeters as Chief Revenue Officer (CRO), Stacey Sweeney as Chief Marketing Officer (CMO), and Melissa Webb as Vice President – Microsoft Partnership. 

The company has grown from a specialized cybersecurity startup into one of the fastest-scaling cybersecurity providers in the market. As a preferred Microsoft security partner and a mission-driven defender for mid-market and enterprise organizations, Quorum Cyber continues to invest aggressively in senior leadership to support accelerating demand across North America, the United Kingdom, and emerging global markets. 

These appointments reflect the company’s commitment to building a world-class executive team capable of scaling operations, strengthening its customers’ cybersecurity and cyber resilience, and advancing its leadership in the Microsoft security ecosystem.

As a seasoned risk and cybersecurity executive with over 25 years’ experience, John Bruce joined as the company’s CISO to further strengthen defenses across the business. He has previously held CISO roles at Places for People Group and CGI as well as senior global partner and director positions at IBM, Lloyds Banking Group, and Royal Bank of Scotland Group. 

Chief Revenue Officer Mike LaPeters has 30 years’ experience in building and leading sales and marketing organizations and channels for security, storage and infrastructure software products. Prior to Quorum Cyber, Mike held a number of senior leadership roles, including CRO at both Huntress and Domotz, VP of Worldwide Sales for VeloBit, VP of North American Sales for AVG Technologies, and VP of Worldwide Sales for Winternals. 

Stacey Sweeney brings nearly 30 years of cybersecurity marketing leadership experience to the Chief Marketing Officer role. She has built high-performing teams to shape and revitalize brands. Her previous leadership roles span emerging to mature companies including Akamai, Quantum Xchange, SANS Institute, and General Dynamics.

With more than two decades of senior leadership experience in the enterprise technology sector, Melissa Webb’s role as Vice President – Microsoft Partnership will drive and grow Quorum Cyber’s strategic partnership globally. Her previous positions include Global Alliance Executive for Microsoft Azure at Red Hat, Director of Business Development for Microsoft Azure, and Director of Global Strategic Alliance Marketing at VMware. 

Software vendor serving 700+ banks hacked, credit union says

Posted in Commentary with tags on November 18, 2025 by itnerd

Comparitech has reported that Marquis Software Solutions suffered a data breach in August that compromised Social Security numbers, tax ID numbers, account numbers, and dates of birth. This is according to a notice published yesterday from Community 1st Credit Union, one of the impacted banks.

Rebecca Moody, Head of Data Research at Comparitech, commented: 

“This attack highlights how companies not only face the ongoing threat of ransomware attacks within their own systems but also through the systems of third-party vendors they use to carry out various services. It’s also why these types of companies appeal to hackers, as they can often access hundreds of companies’ data through just one target.

While we don’t yet know how extensive this breach is, the notification issued by Community 1st Credit Union does appear to imply that a number of financial institutions have been impacted in the attack. Therefore, it’s likely we’ll see the current figure of 6,876 (the total affected via C1st) growing in the coming weeks.”

Ah, supply chain attacks. This is becoming the bread and butter of threat actors as they can hit a bunch of targets with ease. This means that organizations need to ensure that their partners are as secure as they are, otherwise bad things will happen to them.

Liquibase Secure Extends AI Governance to the Database Layer, Closing the Gap Between AI Safety and Data Integrity

Posted in Commentary with tags on November 18, 2025 by itnerd

Liquibase today announced new AI governance capabilities in Liquibase Secure, extending enterprise control to the database layer. The update addresses a growing blind spot in AI strategy: ungoverned database changes made by AI agents, automation scripts, and large language models that now interact directly with production data.

AI Governance Stops at the Model, but Risk Lives in the Database

As enterprises move faster with AI, most governance frameworks focus on model bias, explainability, and privacy. The greater risk often hides at the data layer. AI agents that can write or modify database queries can alter or delete production data, introduce schema drift, or corrupt AI training sets before traditional security controls ever detect them.

According to the 2025 State of Database DevOps Report, 78% of organizations struggle with AI-driven data challenges, while Gartner estimates that 40% of agentic AI projects will be canceled by 2027 if they lack clear governance at the data layer. The conclusion is unavoidable: AI governance that stops at the model is incomplete.

Liquibase Secure: Database-Layer Controls for AI Workloads

Liquibase Secure provides the automation and governance infrastructure that makes AI adoption safe, compliant, and auditable.

  • Automated Policy Enforcement: Blocks destructive AI-generated changes before production across 60+ database platforms.
  • Role-Based Approval Enforcement: Integrates with enterprise CI/CD and access controls to ensure all database changes, including those generated by AI, are reviewed and approved prior to deployment.
  • Automated Drift Detection: Identifies unauthorized schema modifications and environment inconsistencies before they affect downstream systems or model training.
  • Tamper-Evident Audit Trails: Creates a verifiable record of every change for frameworks such as SOX, HIPAA, GDPR, NIST AI RMF, and the EU AI Act.
  • Targeted Rollback: Reverses problematic changes in minutes instead of hours.
  • Schema-Level Data Lineage: Captures the full history of structural evolution, which is critical for AI model provenance and regulatory audits.

Liquibase’s observability and rollback capabilities ensure that even AI-driven changes remain explainable, reversible, and fully traceable, providing a foundation for responsible AI at scale.

Extending AI Capabilities to Database Governance

Liquibase Secure also introduces new AI-powered tools that accelerate delivery while maintaining control. The AI Changelog Generator, built from Liquibase’s frontline experience supporting enterprise database teams, converts natural language descriptions into validated changelogs that align with governance policies. It helps developers move from idea to production-ready change in seconds while preserving auditability and consistency.

The Liquibase Secure Developer Extension for VS Code brings schema management, history review, and policy enforcement directly into the IDE so developers can work faster without sacrificing traceability or compliance.

Together, these capabilities show how Liquibase is using AI to enhance governance, productivity, and developer experience across the database lifecycle.

MongoDB Partnership: Eliminating the Speed vs. Control Trade-Off

Liquibase also announced a new strategic technology integration with MongoDB, the unified data platform that powers modern, data-intensive, and AI-driven applications.

MongoDB’s flexible document model is a powerful enabler for rapid iteration and experimentation in dynamic AI environments. As agility drives growth, managing and tracking evolving schemas across many projects becomes a critical governance need. Issues like inconsistent field names or untracked schema drift can quietly disrupt analytics pipelines, corrupt training data, or derail audits over time.

Liquibase Secure integrates directly with MongoDB to provide continuous governance without slowing innovation. Every collection change runs through automated policy checks. Drift detection flags unapproved updates before they spread. Structured, tamper-evident logs deliver a single source of truth for auditors and data scientists.

Regulatory Pressure Makes Database Governance Imperative

Emerging regulations demand database-layer governance. The EU AI Act requires rigorous data traceability for high-risk AI systems. NIST’s AI Risk Management Framework establishes federal and private sector baselines. Traditional frameworks (SOX, HIPAA, PCI DSS, GDPR, and DORA) now intersect with AI workloads, creating compound compliance obligations.

Without database-layer controls, organizations face higher compliance costs, extended audits, and increased exposure to AI-amplified data errors.

Strategic Leadership: New Head of AI Strategy & Technology Innovation

Liquibase has appointed Kristyl Gomes as Head of AI Strategy and Technology Innovation, a newly created leadership role. Gomes brings more than 15 years of experience spanning database engineering, DevSecOps, and infrastructure automation.

Most recently, she served as Liquibase’s VP of Engineering, where she led development of the company’s cloud-native platform, expanded its multi-cloud footprint, and launched the first wave of AI-powered developer tools. In her new role, Gomes will guide how Liquibase applies AI across its product suite, from accelerating schema management and compliance automation to redefining AI governance at the data layer.

From Risk to Readiness

Liquibase Secure transforms databases into AI-ready systems that balance speed, safety, and compliance. By governing schema changes across platforms such as MongoDB, PostgreSQL, Snowflake, and Databricks, Liquibase helps enterprises accelerate delivery while maintaining the trust their AI initiatives depend on.

Availability

Liquibase Secure’s MongoDB integration is available today. Learn more at https://www.liquibase.com/mongodb

Early Black Friday Deals from Anker SOLIX

Posted in Commentary with tags on November 18, 2025 by itnerd

With Black Friday coming up, here’s a round-up of early Black Friday Deals from Anker SOLIX, the global leader in power delivery and energy storage solutions. 

These offers start today, November 18, and run to December 1 (end of day).

C1000 Gen 2 Portable Power Station – 1,024Wh | 2,000W 

  • Black Friday Price: $589 (save $610) 

A compact 1-kWh unit with a sub-1-hour full recharge and 2,000W output. It’s designed to handle high-draw devices and essentials.

C2000 Gen 2 Portable Power Station – 2,048Wh | 2,400W 

  • Black Friday Price: $1,099 (save $900) 

A 2-kWh unit with expandable capacity, 2,400W output, and RV-ready ports – suited for home backup, cottage/off-grid power, and more demanding workloads.  

F3000 Portable Power Station – 3,072Wh | 3,600W

  • Black Friday Price: $1,999 (save $1,900) 

A high-capacity 3-kWh power station with expansion up to 24kWh, dual solar input for faster recharging, and built-in wheels and handle for easier transport. It’s designed to power everything from everyday devices to mini fridges, tools, and RV essentials – and can provide half a day of home backup on its own, or up to two days when expanded.  

All models offer solid performance, fast charging, and practical capacity for everyday scenarios, making the Black Friday pricing worth noting for readers looking at dependable backup power or entry-level to mid-range portable energy systems. 

TELUS brings back Buy One, Give One offer

Posted in Commentary with tags on November 18, 2025 by itnerd

There’s a uniquely Canadian, purpose-driven campaign from TELUS that’s giving a new meaning to the traditional concept of BOGO. This Black Friday weekend (Nov 28-30), for every new or certified pre-owned phone purchased, TELUS will give a free phone and plan to a Canadian youth transitioning out of government care through its Mobility for Good program.

Now in its 5th year, TELUS’ Buy One, Give One initiative empowers Canadians to shop with purpose – knowing their purchase is helping bridge digital divides and keep vulnerable youth connected. The offer is available online, by phone, and at select stores. Since its launch in 2017, the Mobility for Good program has provided support for over 69,000 people.

Together, these initiatives reflect TELUS’ ongoing commitment to giving back and making a positive impact on customers and communities across Canada.