My Cybersecurity Blog

Cybersecurity insights focusing on Cyber-Physical Systems (CPS), ransomware threats, and threat intelligence by Jonas Colmsjo.
 

Agentic AI in Digital Forensics

Concerns, Safeguards, and Lessons from a Real Investigation
Hunting

Can agentic AI assist digital forensic investigators? This article examines concerns from peer-reviewed literature, surveys deployment options for sensitive data, and shares practical lessons from using Claude Code in a forensic investigation — including the open-source arti toolkit developed during the project.

Feb 25, 2026
 

EU vs US Cybersecurity Compliance: Two Stacks, One Problem

From ISO 27001 vs NIST CSF, through ISO 27002 vs CIS Controls and SP 800-53, to Certification vs SOC 2 — How Two Regulatory Cultures Build Different Compliance Architectures
GRC

A structural comparison of EU and US cybersecurity compliance stacks — from anchor frameworks like ISO 27001 and NIST CSF, through control catalogs like ISO 27002, CIS Controls, and SP 800-53, to trust mechanisms like ISO 27001 certification and SOC 2 reports — including the critical 2026 supply chain divergence where CRA and OMB M-26-05 move in opposite directions.

Feb 22, 2026

Diagram showing four layers: Strategy, Organization, Processes, and Technology, with cross-cutting concerns (Privacy, Economics, Human Factors, Resilience) spanning all layers.

IT Security Strategy Framework

A Four-Layer Model for Organizational Security
GRC

A comprehensive IT security strategy framework synthesized from the literature and practical experience, organized into four layers: Strategy, Organization, Processes, and Technology.

Feb 11, 2026
 

The 2026 CIO/CISO Agenda: Eight Trends Reshaping IT and Security Leadership

From AI Disillusionment to Agentic Agents, Personal Liability to Geopolitical Realignment
GRC

A data-driven analysis of the eight forces reshaping the CIO and CISO agenda in 2026 — drawing on survey data from Gartner, Forrester, IDC, McKinsey, ISC2, and the World Economic Forum.

Feb 11, 2026
 

ISO 27001, NIST CSF, and CIS Controls: Three Lenses on Cybersecurity Practice

GRC
There’s a common misconception in cybersecurity discussions: that ISO 27001, NIST CSF, and CIS Controls are competing standards, and organizations must “choose” one to…
Jan 11, 2026
 

Password Hygiene

Practices
I’ve put together a simple generator for mobile friendly passwords and a password card that can be printed.
Dec 14, 2025

Cyber-Physical Systems Under Attack: From Critical Infrastructure to Automotive Security

CPS
Automotive
Cyber-physical systems (CPS) represent the convergence of computation, networking, and physical processes. These systems control critical infrastructure including power…
Dec 4, 2025
 

To what extent do the Swedish Cybersecurity strategy meet the EU NIS2 requirements?

GRC
The new Swedish Cybersecurity strategy, Nationell strategi för cybersäkerhet 2025-2029 (Skr 2024/25:121), was released on 20:th of March 2025. Here is a evaluation to what…
Apr 12, 2025
 

IoT Case Study: Smart Argicultare

IoT
Smart devices are currently flourishing in all parts of our society. There are many gadgets with questionable benefits but also applications with very real benefits. The…
Mar 12, 2025
 

Threat Hunting

Hunting
För att skydda sina servrar bör man givetvis uppgradera alla komponenter med jämna mellanrum och bevaka CVE:s för att kunna patcha allvarliga luckor som dokumenterats. Ofta…
Nov 27, 2024
 

Asset and Attack Surface Management

Hunting
Ett bra sätt att få en känsla för ett nytt område är att titta på jobb-annonser. Jag såg en annons från WSP där dom söker Attack Surface Reduction Analyst. WSP verkar arbeta…
Nov 17, 2024
No matching items