Insights

We are excited to announce that Patrick Kelley, Founder and CEO of Critical Path Security, will be speaking at BSides Saskatoon 2025 on Friday, August 22, 2025, at The Broadway Theatre in Saskatoon, SK, Canada. About the Event BSides Saskatoon is back for its second year, bringing a full day of cybersecurity talks and networking to the local community, with a half-day of training on August 21. This year's event promises a dynamic lineup of industry experts, hands-on learning opportunities, and engaging conversations for both seasoned professionals and newcomers in the field. Patrick will bring his direct, relatable perspective on managing burnout and mental health in cybersecurity, drawing from over 25 years of frontline experience. His talk will explore practical strategies for resilience while navigating the unique challenges faced by defenders in high-pressure environments. Why This Matters At Critical Path Security, we believe that cybersecurity is not just about protecting…

Quantum computing is no longer a far-off academic experiment. It's an approaching reality that will break many of the cryptographic foundations we rely on to protect sensitive data. Recognizing this, the Canadian Centre for Cyber Security has released a roadmap for migrating to post-quantum cryptography (PQC), offering clear guidance for government departments and agencies to prepare before it's too late. At Critical Path Security, we've been tracking these developments closely, helping our clients understand the operational impacts of PQC while cutting through the quantum hype. Here's what you need to know. What the Canadian Roadmap Says The guidance outlines a staged approach: Inventory and assessment: Identify where cryptography is used, what data is protected, and which systems will need PQC migration. Develop a transition plan: Prioritize systems based on sensitivity and exposure to long-term confidentiality risks. Test and integrate PQC: Begin testing candidate PQC algorithms alongside existing cryptography to evaluate…

We're back on track. Critical Path Security is proud to continue supporting Ryan Vargas as he heads into an exciting doubleheader week in the NASCAR Canada Series, with races in Edmonton on July 12th and Saskatoon on July 16th. For us, it's more than just a logo on the hood. It's about the shared mindset between cybersecurity and racing-making fast, clear decisions under pressure while managing risk at high speeds. In both fields, mistakes can be costly, and preparation is everything. Ryan's journey is one we're proud to stand behind. His determination, adaptability, and relentless drive mirror the commitment we bring to our clients every day. Whether he's making moves in the pack or taking care of his team in the pits, Ryan embodies what it means to perform under pressure, and we're excited to see him continue pushing forward in Canada. As the engines fire up in Edmonton and…

The approval of NERC CIP-015-1 marks a major shift in how critical infrastructure operators must defend their environments. For years, compliance efforts focused on keeping attackers out, but CIP-015-1 recognizes that perimeter defenses alone are not enough. Now, asset owners are required to monitor internal network activity to detect and respond to threats moving laterally within trusted networks. This new standard isn't just a regulatory hurdle; it's an opportunity to align compliance with meaningful security improvements that strengthen your operations against modern threats. 1. Introduction FERC's approval of NERC CIP-015-1 marks a pivotal shift in how critical infrastructure operators must secure their environments. This new standard moves beyond perimeter-focused security to require continuous internal network monitoring to detect lateral movement within trusted zones. At Critical Path Security, we see this as an opportunity for asset owners to align compliance with stronger defense against advanced threats. 2. What Is CIP-015-1 and…