> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2607614) episode.

Geopolitical tensions, zero-day exploits, and healthcare data breaches converge in this week's cybersecurity landscape—a perfect storm of threats that demand immediate attention from security teams everywhere. In a single week spanning late February through early March 2026, organizations faced escalating state-sponsored cyber operations, active VMware vulnerabilities, and the fallout of a massive healthcare data exposure affecting over a million individuals.

## What This Episode Covers

- Geopolitical Cyber Escalation: Iranian-linked cyber operations intensifying following U.S.-Israel military strikes, including coordinated phishing campaigns targeting critical infrastructure and government entities
- VMware Aria Operations Zero-Day (CVE-2026-22719): A command injection vulnerability now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, actively weaponized in the wild
- University of Hawaiʻi Cancer Center Ransomware Breach: Disclosure of a 2025 attack impacting up to 1.2 million individuals, exposing sensitive healthcare data and revealing extended dwell times in healthcare environments

## Deep Dive

### Geopolitical Cyber Escalation: When Kinetic Meets Digital

The escalation of Iranian-linked cyber operations in late February represents a critical shift in the threat landscape. Following U.S.-Israel military strikes, threat actors affiliated with Iranian state interests have ramped up offensive cyber operations—a classic pattern of asymmetric response when conventional military options are constrained.
Welcome to the new it-learn.io — now running on Hugo + S3 + CloudFront.
Same content, same topics: IT, networking, security, and the occasional deep dive. Faster, cheaper, and fully automated.
Stay tuned for new posts and podcast episode recaps from Techupdates.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2607482) episode.

As breaches become a matter of when, not if, the security industry has shifted focus from prevention to containment—and microsegmentation at the application level is emerging as the critical control that stops attackers dead in their tracks. In this technical deep dive, we explore three enterprise-grade platforms designed to enforce zero trust principles at the workload and process level, stopping lateral movement before it becomes a breach.

## What This Episode Covers

- Microsegmentation fundamentals — how application and workload-level policies differ from network-level segmentation
- Illumio Zero Trust Segmentation — host/agentless visibility, AI-powered policy automation, and breach isolation capabilities
- Akamai Guardicore Segmentation — kernel-level process enforcement, automated policy generation, and Osquery threat hunting integration
- Cisco Secure Workload — workload dependency mapping, eBPF tracing, and native integration with ACI and Kubernetes
- Emerging 2025-2026 trends — agentless enforcement modes, machine learning anomaly detection, and scalability for thousands of workloads
- Technical architectures and enforcement mechanisms — understanding how each platform detects, enforces, and responds to policy violations in real time

## Deep Dive

### Why Microsegmentation Matters in 2026

Traditional network segmentation relies on perimeter controls and network zones—but modern infrastructure has shattered the perimeter. Hybrid environments, multi-cloud deployments, and containerized workloads mean that attackers who breach one system are often just a lateral hop away from critical assets. Microsegmentation flips this model: instead of trusting everything inside a zone, zero trust principles enforce least-privilege policies at the application and workload level, based on actual process identities, behaviors, and dependencies.

This granular approach means that even if an attacker compromises a web server, they cannot automatically access a database or authentication service without explicit policy approval.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2598062) episode.

Your traditional perimeter firewall is becoming obsolete—and organizations that don't adapt risk leaving critical vulnerabilities in their multi-cloud, hybrid work environments. In this episode, we explore how hybrid mesh architectures are fundamentally reshaping enterprise network security, backed by Gartner's inaugural Magic Quadrant and real-world deployments from industry leaders.

## What This Episode Covers

- The rise of Hybrid Mesh Firewalls (HMF) — what they are and why Gartner formalized this category in 2025
- Multi-deployment firewall strategies — how hardware, virtual, cloud-native, and FWaaS solutions work together under unified management
- Vendor landscape — Palo Alto Networks, Fortinet, Cisco, and other leaders pushing unified security approaches
- Operational benefits — centralized policy management, consistent threat prevention, and reduced complexity across distributed infrastructure
- Future trends — SASE/SSE integration, quantum-readiness, and the shift from east-west to omni-directional threat prevention
- Real-world implications — how hybrid mesh addresses multi-cloud, edge computing, and remote work security challenges

## Deep Dive

### Understanding Hybrid Mesh Firewalls

A Hybrid Mesh Firewall isn’t a single appliance—it’s an architecture. It represents multi-deployment firewalls (hardware, virtual, cloud-native, and Firewall-as-a-Service) managed from a single cloud-based control plane. The key innovation: consistent security policies, threat intelligence, and detection capabilities across your entire infrastructure, whether that’s on-premises data centers, AWS, Azure, GCP, edge locations, or remote user endpoints.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2594798) episode.

The Secure Service Edge (SSE) platform landscape is evolving at an unprecedented pace, with major vendors rolling out game-changing features throughout 2025 and into 2026. If you're responsible for securing your organization's network infrastructure, understanding these latest enhancements from Palo Alto Networks, Zscaler, and Cisco isn't just nice to know—it's essential to making informed technology decisions for your enterprise.

## What This Episode Covers

- Palo Alto Networks Prisma Access — Flow visualization, SD-WAN enhancements, and Strata Cloud Manager improvements
- Zscaler Platform Updates — AI Security Suite, advanced DLP capabilities, and Client Connector refinements
- Cisco Secure Access Evolution — Universal ZTNA, AI Defense, and AI-Aware SASE architecture
- 2026 Roadmap Priorities — Enterprise AI security, strict enforcement models, and hybrid deployment strategies
- Practical Implementation Considerations — What these updates mean for your infrastructure planning

## Deep Dive

### Palo Alto Networks: From Infrastructure Visibility to AI-Ready Management

Palo Alto’s Prisma Access is solidifying its position as a comprehensive SSE platform with tangible improvements to operational visibility and management capabilities. The February 2025 Prisma SD-WAN updates introduced flow visualization—a critical feature for network engineers who need real-time insights into traffic patterns across distributed environments. This isn’t just eye candy; it’s the foundation for identifying bottlenecks, troubleshooting performance issues, and validating security policies in practice.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2587027) episode.

The window between a vulnerability disclosure and active exploitation in the wild is shrinking at an alarming rate—and exploit kits are the reason why. What once took weeks or months now happens in hours, thanks to automated attack frameworks that scan the internet continuously and deploy payloads with minimal human intervention. For IT teams and security professionals, understanding how exploit kits operate has moved from "nice to know" to "mission critical."

## What This Episode Covers

- How exploit kits function as automated attack platforms
- The mechanics of vulnerability scanning and payload deployment at scale
- Why the exploitation window after CVE disclosure keeps shrinking
- The primary targets of exploit kit campaigns (internet-facing infrastructure)
- Defensive strategies that move beyond reactive patching
- Patch prioritization frameworks and attack surface reduction techniques
- Building proactive exposure management into your security posture

## Deep Dive

### The Evolution of Automated Attacks

Exploit kits represent a fundamental shift in how cyberattacks are executed. Rather than relying on skilled attackers to manually identify vulnerable systems and craft custom exploits, these automated platforms handle the heavy lifting. Think of an exploit kit as a plug-and-play attack infrastructure—once configured, it continuously scans the internet, fingerprints systems, identifies vulnerabilities, and deploys malicious payloads without requiring active attacker intervention.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2576762) episode.

Your firewall isn't just protecting your network anymore—it's become the primary target. In the latest Tech Updates episode, we explore a perfect storm of vulnerabilities hitting critical infrastructure, from CCTV systems to the perimeter devices you rely on most. If you manage internet-facing systems, this is required listening.

## What This Episode Covers

- CVE-2026-1670: A critical 9.8 severity vulnerability affecting Honeywell CCTV systems
- Ransomware campaigns targeting firewalls: Why attackers are shifting focus to perimeter devices
- Surge of high-severity CVEs: A wave of infrastructure vulnerabilities published this week
- Perimeter security strategy: Understanding why the network edge has become the primary battleground

## Deep Dive

### The Honeywell CCTV Vulnerability: More Than Just Camera Feeds

The critical vulnerability in Honeywell CCTV systems (CVE-2026-1670) represents a growing problem in IoT security. With a CVSS score of 9.8, this isn’t a minor flaw—it’s a critical security gap that could allow attackers to hijack cameras and compromise password systems.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2568894) episode.

February's cybersecurity landscape is moving at breakneck speed, with major vendors racing to patch critical vulnerabilities while attackers exploit zero-days in the wild. This week's Tech Updates episode cuts through the noise to highlight the stories that demand your immediate attention—and the strategic shifts they signal.

## What This Episode Covers

- Microsoft Patch Tuesday — 54 vulnerabilities patched, including 6 zero-days requiring immediate action
- Apple’s Emergency Update — An actively exploited zero-day affecting iOS and macOS devices
- AI and Attack Surface Expansion — New research on how enterprise AI adoption is creating security blind spots
- The Strategic Reality — Why speed, visibility, and governance matter more than tool proliferation

## Deep Dive

### Microsoft’s February Patch Tuesday: 54 Vulnerabilities and 6 Zero-Days

Microsoft’s monthly Patch Tuesday updates are always significant, but February’s release underscores a troubling trend: zero-day vulnerabilities are becoming routine. Six zero-days in a single update means attackers had already discovered and likely weaponized these flaws before Microsoft could develop fixes.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2559558) episode.

Cisco Live EMEA 2026 delivered a masterclass in how enterprise infrastructure must evolve to meet the demands of AI-scale operations. With over 21,000 attendees gathering in Amsterdam, the conference revealed that networking, security, and operations are undergoing a fundamental transformation—and your infrastructure strategy needs to evolve accordingly.

## What This Episode Covers

- Silicon One G300 ASIC: Cisco’s new 102.4 Tbps programmable switching chip designed for AI data centers
- AI Defense Portfolio Expansion: New security controls for AI supply chains, agent governance, and runtime protection
- AgenticOps: Cisco’s autonomous operations framework bringing AI-first intelligence to networking and security
- AI-Powered Collaboration: Webex enhancements including real-time translation and AI-ready devices
- Strategic Positioning: How Cisco is positioning itself as an AI platform company, not just a networking vendor
- Sovereign Infrastructure & Data Fabrics: Emerging trends in integrated, AI-optimized data center design

## Deep Dive

### The Silicon One G300: Redefining Data Center Performance

The headline announcement was the Silicon One G300, a programmable switching ASIC delivering 102.4 Tbps of throughput. For network engineers, this isn’t just another spec bump—it’s built from the ground up to handle the unique demands of AI workloads.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2542146) episode.

# Goldman Sachs, Claude Opus 4.6, and the Enterprise Race for Agentic AI

Agentic AI is no longer theoretical—it’s moving into production environments at some of the world’s largest financial institutions. In this episode, we explore how enterprises are operationalizing autonomous AI systems, what the latest Claude model brings to the table, and what observability challenges IT teams need to prepare for right now.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2517328) episode.

# Zero Trust Adoption is Accelerating: Here's What You Need to Know

The security landscape is shifting beneath our feet, and zero trust is no longer a buzzword—it’s becoming the standard that government agencies and enterprises expect you to implement. With recent NSA guidance, major partnerships forming around critical infrastructure, and security vendors racing to expand their federal presence, the zero trust movement has reached an inflection point that every IT professional needs to understand.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2100679) episode.

# Transforming Your Data Center for the AI Era: Cisco Live 2025 Innovations

AI isn’t coming to your data center—it’s already there. And if your infrastructure isn’t ready for it, you’re about to face some serious challenges. At Cisco Live 2025, one of the strongest focal points was helping organizations transform their data center infrastructure to handle the massive, unprecedented demands of AI workloads. Let’s break down what Cisco announced and why it matters for your organization.
> 🎙️ This post was auto-generated from the [Tech Updates podcast](https://rss.com/podcasts/tech-updates-by-andres-sarmiento/2098101) episode.

As artificial intelligence reshapes the technology landscape, Cisco is charting a bold new course for the future of networking and security. During Cisco Live 2025 in San Diego, company executives laid out a strategic vision that places AI agents and autonomous applications at the center of network architecture—forcing organizations to rethink everything they thought they knew about infrastructure.

## What This Episode Covers

- The emergence of “agentic AI” and what it means for enterprise networks
- How autonomous applications and AI bots will fundamentally change network demands
- The need for reimagined network architecture to handle unprecedented data scales
- Cisco’s unified platform strategy for the AI-driven era
- Embedding intelligence across the networking and security portfolio
- Building adaptive, secure, and operationally efficient networks for tomorrow

## Deep Dive

### The Agentic AI Era is Here

We’re not talking about the ChatGPT-style AI that responds to prompts. Agentic AI represents a fundamentally different paradigm—autonomous agents and bots that can perceive their environment, make decisions, and take action with minimal human intervention. These aren’t tools you query; they’re systems that operate independently, managing tasks, making trade-offs, and learning from outcomes.
Quick post on implementing Cisco Secure Endpoint leveraging the Cisco Secure Client cloud deployment. Cool stuff, and easy to deploy and implement.
First, go to SecureX (https://securex.us.security.cisco.com).
Click the Insights tab, then go to Deployment Management on the left sidebar.
On the right, go to –> + Create New, add a name and click Save.
Under the Cloud Management section you will have 2 options. Depending on your needs you can set it to AutoUpdate or NoAutoUpdate. This is a cool feature and is the best way to keep the core modules updated.
Today I want to start off by sharing a few things that I have been researching for a while. I have had a lot of curiosity about incident response; I want to understand how it works, what is expected from an IR team, and much more.
For the last few days, I have also been asking my new friend ChatGPT about it so that I can get some of the answers and things that go on during an Incident Response engagement.
I think it would be a good idea to start with a quick overview or list of attack vectors before we dive right into what goes into the Detection and Analysis phase.
Companies should be able to prepare and have plans around common attack vectors and what to do in those cases. We went over that in our previous post, but this time, as a refresher, here is a non-exhaustive list of common attack vectors:
I want to take the opportunity to break down what goes into the preparation for incident response and what things could look like from the perspective of an infosec professional.
Going back to NIST, there are a few things that are considered:
Part of a well-defined IR plan includes things like creating an IR policy and plan, and deciding what tools will be used for performing incident handling and reporting. A defined team structure: who are the players? Lead engineers? Who is in charge of collecting forensic data? What happens during the eradication and recovery phases, and who is in charge? Should these functions be assigned to a team or an individual? A well-described line of communication between teams, and between the technical and executive teams (yeah - executives need to be involved).
Last year AnyConnect went through an interesting transformation: its name changed to Secure Client, and it looks like Cisco realized that the amount of information that can be collected from it and other services makes it a good data mine for security context and information.
But what is the buzz about? What changed? A few interesting things changed, and one of the most important was the way to deploy it or roll it out to an environment.
Today I want to create a quick blog post that goes over setting up Umbrella in a few different ways. You may notice that these will be long posts, so I will have to break this into a few different posts over the coming weeks.
If you are new to Cisco Umbrella, well here is a quick explanation of what it is and how it works:
Cisco Umbrella offers flexible, cloud-delivered security. It combines multiple security functions into one solution, so you can extend data protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.
Hey, we are back. This time I want to explore the deployment section of Umbrella, where we can configure a device to communicate with and forward all traffic to Umbrella.
We will concentrate on the section for Network Devices this time. The main idea of this integration is that the devices become an Identity, which you can use later to apply policy under any of your settings inside Umbrella.