Compliance matters. But compliance is not assurance.

Frameworks, SA&A, ITSG-33, Zero Trust guidance, and control catalogues all have value. But none of them, by themselves, prove that a system is secure, resilient, or mission-fit.

For complex government systems, security needs to be engineered into requirements, architecture, interfaces, verification, evidence, and risk decisions.

That is why government cybersecurity needs Systems Security Engineering.
https://medium.com/@pjhillier/compliance-is-not-assurance-why-government-cybersecurity-needs-systems-security-engineering-05cf7162ff36

I’ve been writing more about Systems Security Engineering on Medium because I think we’re still having the wrong cybersecurity conversation.

Too much of our field remains trapped in a late-stage compliance mindset:

“Did we meet the control?”
“Did we pass the assessment?”
“Did we buy the tool?”
“Did we check the box?”

Those questions matter, but they are not enough.

Systems Security Engineering asks harder questions earlier:

What mission are we protecting?
What failure conditions matter?
What assumptions are we making about trust?
How do security requirements shape architecture, procurement, supply chains, operations, and assurance evidence across the lifecycle?

That shift matters because cybersecurity is no longer just an IT function. It is a systems problem, a procurement problem, a resilience problem, and increasingly, a national security problem.

My Medium work explores that intersection: where cybersecurity, systems engineering, assurance, resilience, and public-interest security need to converge.

For anyone working in defence, critical infrastructure, government procurement, supply chain security, or cyber policy, I’d welcome your thoughts.

You can find the work here:
https://medium.com/@pjhillier

#Cybersecurity #SystemsSecurityEngineering #SSE #CyberResilience #SupplyChainSecurity #Defence #NationalSecurity #Assurance #SecureByDesign

Cyber strategy spends a lot of energy defending systems.

But the real security decisions happen earlier — in engineering and procurement.

Systems Security Engineering might be the missing piece. https://medium.com/@pjhillier/the-missing-link-in-cybersecurity-strategy-systems-security-engineering-in-defence-procurement-e916c1a8cc67

This wasn’t the deal.

Strength means protecting your own.
That’s not politics. That’s just common sense.

A strong leader is supposed to insulate the people who stand behind him, not expose them.

You can see the difference when you look at leaders who treat stability and protection as their primary job. Take Mark Carney. Whether people agreed with every decision or not, his role was clear:
reduce risk, steady the system, and shield ordinary people from unnecessary shock.
No theatrics. No blame games. Just protection.

That’s what leadership looks like when it’s doing its job.

Now compare that to what many supporters South of us were told they were signing up for:
• the pain would hit competitors, not families at home
• disruption would be strategic and temporary
• ordinary people would be protected
• loyalty would matter

That was the deal.

But if policies were supposed to hurt others and instead raised prices, increased risk, and landed costs on the people who trusted them… then something broke.

That doesn’t mean anyone was stupid.
It doesn’t mean bad intentions.
It just means the outcome didn’t match the promise.

You’re allowed to notice that.

You don’t owe lifelong loyalty to any politician.
You don’t owe silence when the costs land where they weren’t supposed to.
And reassessing a bad deal isn’t betrayal; it’s judgment.

Support is conditional.
Trust has to be earned.
And loyalty doesn’t mean defending failure—it means expecting protection.

No outrage.
No labels.
Just outcomes.

America is turning 250… and decides to celebrate by proving they learned absolutely nothing.”

So for the 250th anniversary of the United States, Donald Trump proposes:
• A nationally staged youth competition
• Two teenagers per state
• Heavy symbolism
• Televised patriotism
• Ideological purity tests
• And a vibe that screams ‘Rome, 2nd century AD’

And we’re supposed to clap because it’s called Patriot Games instead of Authoritarian Youth Olympics.

Branding matters.

Let’s Strip the Costume Off This Thing

This isn’t about athletics.
This isn’t about unity.
This isn’t even about patriotism.

This is state-sponsored spectacle replacing civic meaning.

When a country can’t talk honestly about:
• its institutions,
• its failures,
• its contradictions,
• or its future,

…it starts throwing parades at the idea of itself.

That’s not celebration.
That’s avoidance with fireworks.

Why Teenagers? Be Honest.

Because teenagers are:
• emotionally resonant
• politically symbolic
• easier to moralize
• and can’t vote against you yet

Nothing says “freedom” like using minors as ideological props.

This is what happens when a movement runs out of policy and switches to casting directors.

Hunger Games Much?

Not hyperbole. Structural.

One boy. One girl. From each jurisdiction.
National capital.
Elite event.
Winner narrative.
Heavy symbolism.
Loyalty theater.

The only difference is the soundtrack and the merch table.

And when critics point this out, the defense is:

“Relax, it’s just sports.”

Right, and the Olympics were just track meets in Berlin, 1936. Context matters. Intent matters. Power always matters.

🛐 + 🥊 + 🇺🇸 = ????

A prayer rally.
A UFC fight at the White House.
A state fair on the Mall.

This isn’t governance; it’s a playlist for people who confuse dominance with strength.

It’s not a republic at 250.
It’s a midlife crisis with a flag code violation.

The Most Damaging Part?

It trains people, especially young people, that:
• citizenship is performance
• patriotism is conformity
• dissent is disloyalty
• complexity is weakness
• and history is something you chant over, not learn from

That’s how democracies rot without a coup.

Not with tanks.
With applause.

This Is the Line That Should Terrify Everyone

When a nation celebrates its founding without teaching its principles,
when it replaces reflection with ritual,
when it chooses spectacle over substance,

…it’s no longer commemorating history.

It’s auditioning for myth.

And myths don’t need citizens.
They need extras.

America didn’t survive 250 years to become a halftime show. It survived because it argued, corrected itself, broke things, rebuilt things, and occasionally listened.

Turning the semiquincentennial into a nationalist talent show isn’t patriotic. It’s the sound a republic makes when it’s scared to look in the mirror and decides to flex instead.

The new U.S. NSS reshapes Canada’s position in North America — and most Canadians won’t see the shift until it’s already in motion.
The document quietly reframes our sovereignty, our resources, and even the roles of Canadians working inside U.S. defence and industrial systems.
It’s subtle, but strategically dangerous.

https://medium.com/@pjhillier/when-partnership-turns-hierarchical-what-the-2025-u-s-79d526a6f167

#Canada #Geopolitics #NationalSecurity #ForeignPolicy #NorthAmerica