TRANSMISSION ACTIVE

// FREQ: TECH SECTOR EPISODE: 016 STATUS: SECURE

016 PE and VC Funds Are Now Liable for Portfolio Cyber Breaches: The PowerSchool Case Study

On March 18, 2026, a federal judge in California allowed class action claims against Bain Capital to proceed for a data breach at PowerSchool that occurred before Bain acquired the company. The ruling rewired the fiduciary calculus for every PE partner, VC general partner, family office principal, and corporate development executive deploying capital in 2026. Cyber diligence is no longer a checklist item — it is fiduciary duty with personal exposure attached. This transmission is the briefing for the investor side of the equation.

JUMP POINTS //

00:00

The March 2026 Ruling That Rewired Cyber Diligence

A federal judge in California allowed class action claims against Bain Capital to proceed for a PowerSchool data breach involving 60 million students and 10 million teachers — a breach that happened before Bain acquired the company. The federal court ruled the acquirer holds legal liability for the seller’s pre-acquisition cybersecurity failures. Every PE partner, VC general partner, and family office principal deploying capital in 2026 just got a new precedent to operate under.

01:39

The PowerSchool Case Walkthrough

The CISO breaks down how PowerSchool went from a startup with rapid school district adoption to a $5.6 billion Bain Capital acquisition — and how stolen vendor credentials, a ShinyHunters ransom demand, and a class action lawsuit converted the deal into a federal litigation problem for the acquirer. Why the old assumption that “the seller carries pre-close liability” no longer holds. Why reps and warranties insurance policies are not the indemnity backstop the industry assumed they were.

08:26

Why Financial Diligence Is Rigorous and Cyber Diligence Isn't

The double standard inside every investment process: forensic accountants, ledger scrutiny, deep financial risk assessment — and then “did they get a SOC 2? Yes? Done.” The CISO connects the PowerSchool ruling to the Yahoo/Verizon precedent, where Verizon negotiated a $350 million reduction off a $4.8 billion deal after discovering undisclosed breaches. Why real cyber diligence is both a fiduciary protection and a negotiating tool that reduces overpayment risk.

12:46

The Five-Point Technical Assessment Every Investor Needs

The five findings the CISO looks for when running cyber diligence on a target: secrets in repositories (credentials sitting in GitHub for years), undocumented data flows (where PII actually lives versus where founders think it lives), production access sprawl (admin rights given to engineers who left two years ago), missing audit trails (you can’t rule out a prior breach without logs), and vendor sprawl with missing DPAs. The five-point assessment is the operational core of every investor’s new diligence framework.

15:34

The Three Layers of Fiduciary Exposure

What it actually costs when a pre-close breach surfaces six months after acquisition. Fund-level exposure — $2 to $10 million in legal fees before settlement, reputational damage that affects the next fundraise. GP-level exposure — the letter to limited partners that gets read across every other fund in the LP’s portfolio. Personal liability for the partner who signed the investment committee memo recommending the deal. Why proving you did real diligence is the difference between a defensible position and a settlement nightmare.

18:15

The Three Marching Orders Starting Monday

What every PE partner, VC general partner, family office principal, and corporate development executive must execute this week without breaking their deal pipeline: upgrade the diligence framework beyond SOC 2 verification, audit the existing portfolio against the new standard, and build cybersecurity posture into LP reporting. The work that mitigates court-assessed liability if a portfolio company breach surfaces and the fund ends up in front of a judge.

// INCOMING SITREP

The full operational playbook — the four-stage cyber due diligence framework, the five-point technical assessment in deployable detail, deal structure options for risk allocation, and the existing-portfolio audit protocol. Read the SITREP dossier.

ACCESS THE BRIEF »

TRANSMISSION LOG //

The Ruling That Changed What It Means to Write the Check

For most of the last decade, cybersecurity due diligence inside a PE or VC investment process was a checklist item. Pull the SOC 2 Type 2 report, confirm it is unqualified, verify no disclosed breaches in the last 24 months, move on. The reps and warranties insurance policy was the assumed indemnity backstop. The seller was assumed to carry any pre-close cybersecurity liability. The deal team would write a one-paragraph cyber risk section in the investment committee memo, the partners would approve, the wire would transfer, and the next deal would enter the pipeline.

On March 18, 2026, a federal judge in California ended that era.

A class action against Bain Capital — Bain Capital, the buyer, not just the portfolio company — was allowed to proceed for a data breach at PowerSchool that occurred two months before Bain’s acquisition closed. Sixty million students. Ten million teachers. Social security numbers, medical records, financial information. Stolen vendor credentials used to access systems in August 2024. A ransom demand from the ShinyHunters group in December 2024. Public disclosure in January 2025. And a federal court that decided the acquirer can be held legally responsible for the seller’s pre-acquisition cybersecurity failures.

If you are deploying capital in 2026 and your diligence framework has not been updated since March, you are personally exposed to the same scenario.

The PowerSchool Walkthrough — How a Startup Became a Federal Docket

PowerSchool was a textbook SaaS success story. An education software platform where parents, students, teachers, and administrators could view grades, homework, and attendance in one place. Adoption started with one school district, spread to two, then three, then exponentially across the K-12 market. Investors took notice. Bain Capital closed on a $5.6 billion acquisition in October 2024.

Two months earlier — August 2024, before Bain owned the company — a threat actor accessed PowerSchool’s systems using stolen vendor credentials and exfiltrated the personal data of millions of students and teachers. The breach was not discovered until December 28, 2024, when ShinyHunters made a ransom demand. PowerSchool disclosed publicly on January 7, 2025. Multiple class actions were filed against both PowerSchool and Bain Capital.

The standard assumption inside the investment community — that the previous owner carries liability for pre-close conduct — would have predicted PowerSchool, the original company, would bear the legal exposure. The court ruled the opposite. The acquirer should have done deeper diligence. The acquirer took ownership of the security posture at close. The acquirer is now on the named-defendants list.

The Diligence Double Standard

Inside every PE and VC investment process, there is a stark asymmetry between financial diligence and cyber diligence. Financial risk gets the full treatment — forensic accountants, ledger scrutiny, multi-week engagements, written reports the investment committee actually reads. Cyber risk gets a SOC 2 verification and a paragraph in the memo.

The Yahoo/Verizon precedent should have ended that asymmetry seven years ago. Verizon’s due diligence team dug deep into Yahoo’s cybersecurity posture and discovered breaches Yahoo had not disclosed. The result: Verizon negotiated the original $4.8 billion offering price down by $350 million. That number — roughly seven percent of the deal — remains the most-cited reference point in every PE diligence memo for a reason. Real cyber diligence is not just fiduciary protection. It is a negotiating tool. The acquirer who finds the gaps before close is the acquirer who avoids overpaying.

PowerSchool turned the same insight from a financial argument into a legal one.

The Five-Point Technical Assessment

When the CISO walked through what a real cyber diligence engagement looks like inside a target, the findings he listed were the five most common deal-killing exposures in SaaS targets today.

Secrets in repositories. AWS access keys, database passwords, API tokens, OAuth credentials committed to GitHub years ago by a developer who has since left the company. Most pre-Series-B SaaS targets have hundreds of historical secrets in their git history. A meaningful subset are still active.

Undocumented data flows. The founders point to the production database as where customer PII lives. The scan finds it scattered across Slack message exports, Notion pages, Airtable bases, three different S3 buckets, two developer laptops, and a test environment that was never decommissioned. Every location not named is an unknown regulatory liability the fund inherits.

Production access sprawl. Every engineer who has ever worked at the target still has production database credentials. Half no longer work at the company. None of the access has been revoked. The CISO sees this routinely in startups that grew past 20 engineers without a dedicated security function.

Missing audit trail. The target cannot produce logs showing who accessed customer data in the last 12 months — not because the access wasn’t logged, because logging was never configured. The CISO called this the casino problem: you are essentially sitting at the table hoping. Without logs, the acquirer cannot rule out an undiscovered prior breach. That is exactly the PowerSchool scenario waiting to happen.

Vendor sprawl with missing DPAs. The target uses 40 or more SaaS tools — adopted quickly during the startup phase, often on free tiers, sometimes without proper contracts. Executed Data Processing Agreements exist for a handful. The rest are processing customer data without contractual protection.

The CISO was clear: identifying these findings does not mean the deal should die. It means the investor needs to understand the risk and price it accordingly.

The Three Layers of Fiduciary Exposure

When a pre-close breach surfaces six months after acquisition, the cost lands in three places.

At the fund level, the class action names the portfolio company and the fund. Defending it costs two to ten million dollars in legal fees before any settlement. The reputational damage affects the next fundraise — LPs Google the fund before committing, and the PowerSchool incident attaches to the fund’s record permanently.

At the GP level, when the breach becomes public, the general partner writes a letter to the limited partners. That letter is read by every other GP in the LP’s broader portfolio. The fund’s name circulates through the LP community attached to a cybersecurity failure for the life of the vintage.

At the personal level, class action plaintiffs increasingly name the specific partners involved in the acquisition decision. The partner who signed the investment committee memo recommending the deal is on the named-defendants list. LP investors in that fund can turn around and sue the partner personally for damages.

The CISO closed this section with the line that ties the entire episode together: there is a lot of liability and a lot of financial risk at stake — as long as you can prove that you did your due diligence. If all you did was look at a SOC 2 report, proving the absence of real diligence is the easiest thing a plaintiff’s counsel will do that quarter.

The Three Marching Orders

The CISO closed with three concrete actions every investor can execute starting Monday without breaking the deal pipeline.

Upgrade the diligence framework. Pull the current cyber diligence checklist. If it consists of “verify SOC 2” and “confirm no disclosed breaches,” that framework was built for a world that no longer exists. The new framework includes the five-point technical assessment, runs in parallel with financial diligence, and produces a written report that goes into the investment committee record.

Audit the existing portfolio. Every portfolio company acquired under the old framework may carry exactly the kinds of latent findings the new framework is designed to surface. As an investment partner, the fund has the right to commission a cybersecurity assessment of any portfolio company. The findings inform board-level remediation requirements. The audit cost is a small fraction of a single fund-level class action defense.

Build cyber into LP reporting. Add cybersecurity posture as a recurring line item in quarterly LP communications. The fund that can credibly report on portfolio-wide cyber posture is the fund that closes its next vintage faster. And in litigation, the existence of documented quarterly cyber reporting mitigates the damages a court will assess against the fund.

The Operational Playbook Is Here

The episode is the strategic briefing. The operational playbook — the four-stage cyber due diligence framework in deployable detail, the five-point technical assessment with vendor tool recommendations, the three deal structure options for risk allocation, and the existing-portfolio audit protocol — is laid out in this week’s Sitrep dossier: The Investor’s Cyber Due Diligence Framework: A Four-Stage Playbook for PE and VC Funds After the PowerSchool Ruling.

The precedent is set. The framework is what changes.

// DECODED TRANSCRIPT

Access the full text logs of this transmission for compliance and review purposes.

Actual (00:00)
Welcome to status secure. Today’s transmission is for the investor side of the equation. So we talk a lot about how companies can implement cybersecurity measures, security measures for various reasons. But today we want to talk about something in regards to an event that took place in March of 2026, where a federal judge in California issued a ruling that rewired in a way cybersecurity diligence for

the investment community. So what happened is the judge allowed a class action claims against Bain Capital, who was the buyer of power school and power school what they had a data breach before the acquisition happened, where 60 million students 10 million teachers, there were stolen vendor credentials, or ransom demand. Two months, this all came to light after the close.

So the federal court that decided the, the acquirer in this case had legal liability and was responsible for the sellers pre acquisition cybersecurity failures. And so this is what we wanted to talk about today is, um, you know, if you’re deploying capital in 2026 and your diligence framework hasn’t been updated since March, you’re personally exposed to maybe this happening. So now we have a new precedent.

And, you know, we were discussing this topic, CISO and we were just, we were originally discussing this from the side of power school or from the side of the company itself. Let’s call it a startup. And when we were talking, you, you thought that, Hey, we should probably focus on the other side of the equation. So why don’t you dig further into that for us?

The CISO (01:39)
Sure, so you mentioned Power School. So let’s talk about that, right? So Power School is this startup company that created an application where parents and students and teachers and educators could view grades, homework, attendance, all of that in one place.

So, and then they took off because everybody started using them because one school started, then it went to two schools, three schools, UC, right? Exponentially, right? And so they became a really big player in this space. And so of course, then investors got interested, right? Investors got interested and, you know, and wanted to purchase, right? And invest in the company.

So when you’re doing sort of like, or you’re acquiring them, right? Like, so you’re investing or you’re acquiring them into, like especially in funds that are building, buying companies and making it part of their portfolio. There’s a process that happens. You verify their SOC 2, that there’s not, it’s not, there’s no, like there’s not a,

what they call qualified or unqualified, right? So there wasn’t any findings that were too egregious in their SOC 2 or any that they didn’t resolve, fix, right? You’re looking at, you know, you’re confirming that, hey, they disclosed all of their breaches, right? You know, and then you just, you take a look at those things, like a checklist. And if everything looks good, then you’re like, okay, we’ll put our money here. And

What happened was like the the warranties insurance policies. What they you know what people assumed is that this is that and they assume this that you know, power school. There’s a time you know there’s a date when they sold it right to this fund or to this investor or this you know acquiring company or whoever. So anything that happens before that date is not the new owners.

fault. Everything before that is the power school, the previous owner, right? That’s what everybody, you know, assumes it is, right? And that probably used to be how courts used to rule. But what happened was with the power school, you know, because they had some serious security events happen.

after the purchase. And so, it comes to all the damages, because now people are suing, because their data and their children’s data was breached and exposed. So now there’s a class action lawsuit. And that’s a lot of money. And so now it’s like, who’s liable?

you know, when you go to court, what they’re looking at is who was negligent, who was aiding and abetting. And that kind of determines like, does the previous owner pay 10 % or 90 %? It’s the new owner’s pay, right? So what the court said was that the, you know, what they said was that the acquiring

company actually owns the liability. They should have done their due diligence. They should have really, really take a look. And then once they took ownership, it’s now their responsibility to make sure the security is there. What happened before is no longer the current state.

So the seller isn’t really as accountable as the new, as the acquirer. So let’s say you’re the fund that acquired Power School. Now you have to write a letter out to all of your, it’s usually a limited partnership that owns the fund.

And so now you’ve got to write out this letter, okay? And you have to explain like what happened and the basically the fiduciary failure that happened that right now your fund owns a company that’s in the middle of a class action lawsuit.

Actual (05:54)
Yeah

and you know…

something about the startup community, would say there’s a common, there’s a common conversation around security, whether it’s right or wrong. don’t know if that matters, but a lot of the, the mindset in that world is sort of, don’t worry about it. It’s kind of like, you don’t have much of a budget. You’re trying to get, build a product. You’re trying to get customers. You’re trying to become something worth, the investors time, right. And attention. And so.

build it, build it, build it, build it, get customers, get customers, start making money. Right. And when you know, you hear some of these conversations of like, Hey, you know, should I invest in a certain amount of money into my security? It’s like, there doesn’t seem to be kind of a urgency behind that you get a lot of like, put the money into sales and marketing. And we’ll figure out cyber on the back end. And so

I would imagine as on the flip side, if you’re a venture fund of some sort, and this is your, this is like the basis of what you do is to find great golden, you know, opportunities that look like they’re going to bring in good ROI for your LPs and for you and put them into your portfolio. And so this situation is a good one to discuss. It’s a good precedent because I think now

we can look at it from that side of the house of going, it’s another thing to look at, right? It’s another piece of the puzzle to when we’re doing our due diligence to look at and go, hey, did you guys do this? If you are in that world and especially where you need it, it’s did you do it? And let’s make sure it happens. I know something that some of these companies will do is they’ll come in with their legal teams, right?

the venture firms can afford to have, you know, a big four legal team or maybe the people who started the company couldn’t. And so they will do a, there will be this due diligence around legal contracts and things. And I feel like this sort of falls into the same place of now we’re doing due diligence around our security, which is important. If you can get into trouble because of not having

IP type contracts with maybe the people who helped build your code. Um, and you can also get into trouble with, um, like what happened with power school by not having proper security when you built it to a certain size. And so what is, see, so what would you say, uh, does a V a P E, you know, private equity partner or, or venture capital, you know, partner or just people that work at the firm that are working on these.

The CISO (07:55)
type contracts.

Actual (08:20)
deals, what can they do differently in their diligence to make sure this doesn’t happen to them?

The CISO (08:26)
Yeah, mean, sorry, you can I mean, the power school thing is public information. So you can look that up. But ⁓ but for the investment people, you know, what you want to do is there is always a lot of rigor around financial risk. You know, I mean, that’s been around for a long time. When they’re investing, they look at ledgers, they, you know, scrutinize, they hire

you know, forensic accountants, right? Like they go all out to look at the financial risk before they purchase a company. When they look at security, most of the time they’re like, okay, did they get a SOC 2? Yes, they did. We’re done. I mean, you can see the difference, right? You can see the difference right there. So a real risk assessment, a real security risk assessment, quantifying the cost of undiscovered breaches, the cost of

remediating gaps, all of those things need to be performed to the same kind of rigor that you would on the financial risk side, you need to do on the cyber risk side. A good example is Yahoo. So Verizon wanted to purchase Yahoo. So Verizon did their due diligence. They really dug into Yahoo’s security.

And they found that Yahoo did not disclose some breaches. And in order to find that, they really dug deep. So what happened was they originally offered $4.8 billion on Yahoo. Once they found that Yahoo had not disclosed breaches,

that they were not aware of, they were able to negotiate and reduce by 350 million the offering price. So when you’re the private equity or the venture capitalist, when you’re the, these things sit, you need to do because in the end it’s actually helps you with your negotiation. Cause you don’t wanna overpay.

and then go in and realize, no, now you have to spend millions of dollars to fix their security, right? Why not say, hey, we’re gonna have to fix your security. This is how much it’s gonna cost us. So we’re gonna reduce that from our offering price.

Actual (10:37)
You know, you brought

up a great point. What is people’s number one complaint about selling their companies? You know, to the, ⁓ to the acquirer, it’s the negotiation and how frustrating that process can be over a long period of time. And one of those things that you brought up is what you’ll see is, and we’re going to negotiate this and sometimes it’s ⁓

just to see what they can get, right? Just to see how much they can knock down the purchase price, because why wouldn’t they? It’s business, you know? If I can bring the purchase price down and make a bigger ROI, great. And so that’s maybe a reason why it can last so long. However, on this aspect, this is great for them, because you’re not just saying, here’s a tactic to help you negotiate from the investment side, but you’re actually killing two birds with one stone by saying,

Here’s a way you can knock down the acquisition price, also cover your ass, right? Like a little CYA and make sure that you don’t get screwed because of a cybersecurity breach in the future. So it’s not just a money thing, which makes me feel better. It’s going, no, this is real, you know, and you guys needed to have security. You should have had it. You know, we’re still interested in acquiring you. However, we got to knock the price down like what Verizon did for a valuable or viable reason. And this is important.

because we don’t want to have to deal with your breach maybe, right? And so, and we want to make sure that we have implemented good cybersecurity, like good actual, maybe not just like a certification on the wall that says I’ve been certified, but maybe like actual security. So when things happen, cause they can happen all the time, they can happen tomorrow, six months from now, they’re protected. And cause a piece of paper isn’t necessarily going to protect you.

So this kind of segues us is when now you got me thinking that I come in, I’m doing my due diligence as this acquiring company. I brought on one of the big four consultants to dig through their financials or someone to dig through legal or whatever. So now how does that look from the cyber side? Right, so now, okay, this sounds good. This is great. Add it into my team here.

as we go in and do our deals. So now when I want to pull out my cyber team and put them into the diligence process, how does that look?

The CISO (12:46)
Well, usually, you want to look for five things. One is secrets and repositories, which is basically passwords everywhere, credentials. Credential is not secured properly because that’s an easy way for threat actors to get into your systems. When you were in the startup phase, you hired a developer who came in to build something.

You know, and he’s the one who coded it. He’s the one who had the credentials and now you’ve never changed those credentials and it’s somewhere out on like GitHub, you know? So, you know, those things, you want to look for those things. Undocumented data flows. What this means is that, you know, that they need to know where all their data, you know, is going. The flow of their data, especially highly sensitive data like PII, customer PII. Like if they can’t show you

where all the data is going and where it’s sitting. you know, that’s a, that’s kind of a red flag, right? Because now you have exposure that you’re not aware of. Production access fall. This is the, I mean, I see this all the time in startups, you know, they, they give everybody admin rights because they need to move fast. So over permissions is everywhere and they haven’t fixed it. Missing audit trails.

So if you ask them to show, what customers access what data? And they can’t. You have two problems. You have one, which is they don’t know how to configure security. That’s a telltale sign. And two, you really don’t know who’s accessing what. And so again, it leaves you blind. You’re basically sitting at the casino just hoping.

hoping to win. And of course, like the vendor, right? Because in the beginning, they try a lot of different vendors, they try a lot of different products, and they don’t keep track of them. And a lot of times, because they’re startups, they want to save money. So they’ll try new products or assess that there isn’t a real contract. It’s just terms and conditions.

And so you don’t really know like what rights you have with your own data. So those are the things that you should look at to see if, and I’m not saying that you shouldn’t purchase them. I’m just saying you need to be aware so you understand the risk of purchasing them and the costs, the potential costs.

Actual (15:05)
Got it. And now just, just so that we know, you know, if someone listening doesn’t know, or just out of curiosity, let’s say now, right, starting today, moving forward, we have a company that’s, we’ve, closed the deal, right? The acquisition is closed. And then six months later, we come across a pre-closed breach. So what is, what happens? Like what’s the actual cost?

at the fund level or maybe for the person who championed the deal. What happens here?

The CISO (15:34)
Okay, well, let’s talk about what happened with power school because again, you know, they’re public. what happened there is public information. So you can just go look at it. So at the fund level, you know, the class action names the, you know, names powers, you know, power school and the fund. So now you got to hire lawyers to defend, right, to go to court. You’re talking two to 10 million in legal fees, right, for before settlement.

You know the reputational damage to the fun like now, you know people like wow, you know Should I really invest with them? Right? So, know, it’s harder to really Raise like do that your next fundraise, right because people it’s gonna be fresh people gonna be googling you right? They’re gonna know what happened at the

GP level, the general partnership level, what happens is when the breach becomes public, the GP has to write a letter to the limited partners. And this letter is ready by every, it’s read by every GP and LP in the portfolio. So again, reputation.

And now the power school situation is going to be attached to your fund for from now until you know forever. Right. And it’s going to really cause people to pause.

So on the personal liability for the partner, what happens there is

that each partner, like their names are attached to it because they have to write letters. And now the letters, they have to sign the letters. So the names are attached to it. And then the partner who signed the investment committee memo recommending the deal is on that named defendant list in the class action. So they can be personally liable for that. If I was an investor now, so now I could turn around and sue.

and sue for damages from that partner, if I was an investor in that fund. So there’s a lot of liability there. There’s a lot of financial risk there. As long as you can prove that you did your due diligence. But if all you did was look at a SOC 2, it’s going to be pretty easy to prove that you did not. You did not do everything you can. Your fiduciary duty.

to your investors.

Actual (17:44)
Got it. And so obviously we

can’t slow down the pace of deployment. We can’t slow down investment funds, the opportunities that present themselves to us, all of those things, right? We’re still going to do business. So in thinking about our marching orders this week for private equity firms, venture capital firms, family offices, whoever the investors are, the acquisition, the acquirer, what are three things that they can execute?

starting Monday without breaking their deal pipeline, but three things they can add to better protect themselves in terms of what we’ve been discussing.

The CISO (18:15)
Yeah, so the first is, know, like, take a look at your process now. Like, what is your diligence framework for reviewing potential, you know, acquisitions and investments? Make sure that the security, the security diligence portion is more than just verify SOC 2. You know, we made some recommendations earlier. Make sure those are in there. Second.

audit the existing portfolio. So just because you’ve already purchased or invested doesn’t mean that you don’t have the right to now go back and review, know, do a cyber security assessment, you know, to make sure that, you you can say, hey, you know, and you can tell them too, cause now you’re an investment partner, right? You can say to them, hey, we did our own security assessment and we find that you’re…

Deficient in these areas. We want you to remediate these right you can you can give that to the board for them to make decisions Three is make sure that your you build cyber into your LP reporting, right? Make sure you’re informing like what are you doing? What’s the cyber of you know, your investments look like that way everybody’s communicated this is where when you go to court these things will help mitigate the

the amount, the dollar amount that a judge will kind of say you’re obligated to pay because of what you do or didn’t do.

Actual (19:38)
Got it. Well, hey, that’s it for today. Cybersecurity diligence, it’s not a checklist anymore. Right? It’s an added layer to your fiduciary duty. So mission success is about knowing what you’re actually buying, not what the seller’s deck is saying. But knowing where the data lives, knowing who has access to it, knowing what is in the code based, the trust but verify concept. So let’s go ahead and execute to the standard and we’ll see you next week.

JOIN "THE WATCH" //

Receive critical SITREPs, Industry Alerts, and Threat Indicators sent directly to your inbox.

By submitting this form, you agree to our Terms & Conditions and Privacy Policy.

SILENCE THE NOISE. AMPLIFY THE SIGNAL.

INTELLIGENCE IS USELESS IF YOU AREN'T LISTENING.

Join The Watch to receive New Episode Alerts, Strategic Breakdowns, and Guest Intel delivered to your inbox.