On Maintaining Living Systems
1–26–2026 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, January 26, 2026, and we’re continuing to navigate very turbulent conditions here in the US and abroad. The killing of Alex Pretti is weighing heavily, and I think it’s worth acknowledging that weight.
I hope only that I would be as gracious, composed, and compassionate as he was in his final moments, and those leading up to it.
On the cyber front, we’ve also had a big week, including some old problems resurfacing, a trend that seems to perpetuate around here.
On Maintaining Living Systems
There was news last week from Fortinet that attackers are exploiting a vulnerability that was supposedly previously addressed.
The background is that a patch that was supposed to be fixed in December - and we covered on this very show - was, actually, not fixed.
Reporting indicates that the attack pattern is exactly like it was prior to the patch, and the guidance from Fortinet remains the same.
I understand it can be frustrating to think that you’ve already patched an item, and it turns out the patch didn’t fix the issue.
It would be nice to say that this is just a Fortinet problem, but we also saw Cisco having to issue a patch for a vulnerability that was also present in other products that were recently patched.
Unfortunately, this is simply the nature of running complex software. These systems take active maintenance - sometimes called “care and feeding” - much in the way that any other complex system does in your house, your car, or any other number of parts of our modern lives.
I think it’s often wishful thinking that we can just push a patch and be done, but computers, like all other systems in our universe, tend towards entropy over time. Maintaining that order - as noted in the Second Law of Thermodynamics - takes a tremendous amount of energy.
Your job, therefore, is to balance the amount of energy you have available to fight entropy with the amount and complexity of systems that you employ.
Complex systems can offer tremendous advantages, but they often come at costs that are both non-obvious and significant. Patching software is one of those costs.
The alternative, of course, is that you don’t use anyone else’s tool or code - but we all know that’s both not feasible or reasonable, and is premised on the idea that you yourself wouldn’t write vulnerable code or introduce vulnerabilities yourself (also not true, of course).
It’s interesting, therefore, to see some of the reporting around both the Fortigate vulnerability and the Cisco issue indicated that the primary attack vectors were from actors in China, when China has “told domestic companies to stop using cybersecurity software made by roughly a dozen firms from the U.S. and Israel due to national security concerns” - Reuters reported last weekReuters reported last week.
The U.S. companies whose cybersecurity software has been banned include Broadcom-owned VMware, Palo Alto Networks and Fortinet, while the Israeli companies include Check Point Software Technologies.
Hard to read in to this, especially as these companies have both physical and market footprints in mainland China. Fortinet has three offices in mainland China and one in Hong Kong, according to its website. Check Point’s website lists support addresses in Shanghai and Hong Kong. Broadcom lists six China locations, while Palo Alto lists five local offices in China, including one in Macau.
Perhaps this is simply posturing, or perhaps it’s tit-for-tat for something we’ve yet to see in the news. Regardless, it’s another wrinkle to the ongoing struggle between great powers where Cyber is now a front line.
Your job, as noted, is to defend accordingly as the landscape continues to shift beneath our feet.
Fundraising
From a fundraising perspective, we’re coming back to more realistic numbers, with only (“only”) just over $6B in newly committed capital last week (though would note that we’re already over $75B for the month at this point).
I would expect to see transaction volumes increase in the months ahead, as the decks get shuffled, LPs seek liquidity, and investors look for their next growth opportunity.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and now sign up for our monthly newsletter, the Intentional Dispatch.
We’ll see you next week for another edition of the Intentional Brief.
Links
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://www.bankinfosecurity.com/attacks-target-freshly-patched-critical-fortinet-flaws-a-30575