Notes from the Chief Security and Trust Officer
I’ve spent my career in the chaos. As a Navy veteran, a former NSA analyst, and now leading the Blackpoint SOC and security and trust function, I have learned one thing that never changes: the work that matters happens in the trenches, not in the slide decks.
That is why I am starting this series.
Beginning the first Wednesday of every month, I will publish “Notes from the Chief Security and Trust Officer” on the Blackpoint website and Linkedin. This is my direct line to our partners, our customers, and the broader MSP community with no filter, no theory, and no sales pitch. I want this to be what I am seeing, what my teams are seeing, and what you can actually do about it.
Here’s what to expect:
Every month I will roll up our weekly Threat Pulses into one clear picture. You already know the Pulse for the speed at which our SOC and our Adversary Pursuit Group (APG) break down real incidents as they happen. The monthly note pulls those threads together so you can see the patterns and not just the snapshots including the campaigns that are escalating, the tactics that are fading, and the trusted workflows attackers keep abusing to look like they belong.
I will also bring you product announcements that strengthen how you protect your clients, and company news tied to the thing I care about most: Trust. To me, security is not a product, it is a promise. When we ship something new or make a commitment about how we operate, you will hear the reasoning straight from me.
And I will not just tell you. I will show you. This past week our APG team broke down a live intrusion that proves the point I keep coming back to: attackers exploited a critical SimpleHelp RMM flaw to log in as a trusted technician, then deployed two never-before-seen malware families we named TaskWeaver and Djinn Stealer to steal cloud, developer, and AI-tool credentials. We published the full breakdown, indicators of compromise and all, on the Blackpoint blog, and the findings were significant enough that CISA added the flaw to its Known Exploited Vulnerabilities catalog. That is the kind of ground truth I will bring you here every month.
The threat landscape is not slowing down. Attackers are not forcing their way in anymore. They are logging in, blending into normal activity, and exploiting the tools your clients trust every day. The defenders who win are the ones who stay close to the ground truth, share what they know, and move fast together.
We control the chaos for a living, and I want to show you how we do it.
See you on the first Wednesday of next month.
Wil Santiago
Chief Security and Trust Officer, Blackpoint Cyber
DATE PUBLISHEDJuly 1, 2026
AUTHORWil Santiago
SHARE ON
2026 Annual Threat Report
What actually worked for attackers in 2025.
Most attackers aren’t breaking in
They’re logging in
Explore the real patterns behind modern intrusions in the 2026 Annual Threat Report