Greetings to all of you carbon-based life forms, both biological and electronic! Welcome to the new home of #RealTalk with Aaron Bregg. If you are coming here from someplace other than LinkedIn, YouTube or the Podcast, then you may not be aware of what you stumbled across. So sit back and let me explain.
In this little corner of the Internet we primarily discuss topics related to healthcare information technology and security. While we may talk about non-security items from time to time, our primary goal is to educate. This is done by sharing useful information with honest opinions.
Your and your family's data security and privacy are very important to us. As such, we will not only share actionable information but go over 'conceptual' things as well. I fortunately work for a healthcare system that cares very much about community. That in turn gives me a chance to share real-world experiences (albeit de-classified) that should help you in your journey to be safer in the 'digital world'.
Here is a small sample of the content that we want to cover in 2025:
AI Security & Governance
- OWASP LLM Top 10 deep dives with healthcare-specific scenarios
- Model Context Protocol (MCP) security: Why this matters for healthcare AI integration
- Evaluating AI agent security vendors: When "cutting edge" isn't ready for patient care
- Building AI governance frameworks that actually work in clinical environments
- AI-orchestrated cyber espionage and what it means for healthcare targets
- Email security beyond the basics: Protecting against sophisticated social engineering
- CISA's new AI-OT guidance: Translating government speak into actionable hospital security
- Practical Secure Development Lifecycle implementation in resource-constrained environments
- Clinical data governance: Balancing innovation with HIPAA reality
- When to build vs. buy: Security tooling decisions for mid-sized healthcare systems
A quick technical note: This site was built with security in mind from day one. My "Virtual teammate" AI (Claude Code) helped architect a remote MCP server on AWS with proper authentication and token rotation. Why mention this? Because practicing what we preach matters. If I'm going to write about AI security and secure development, the infrastructure running this content better reflect those principles.
So whether you're a healthcare CISO trying to make sense of AI security, a developer navigating the SDLC process, or just someone who wants honest takes on what works (and what's just vendor hype), you're in the right place. No fluff. No selling. Just #RealTalk about the security challenges we're all facing.
Grab your coffee, bookmark this site, and let's learn together. 😊