7 min. read • Email this page
Listen to this blog post:
The Rose Garden in Elizabeth Park, Hartford
Growth, updates and thinking things through
In 2025 Bryley increased its R&D spending and as a result bolstered clients’ AI-powered defenses, deploying products that do different and specific tasks, but with some overlap, an emerging part of a layered defense approach.
AI defenses work along the general premise that when an action occurs or data is accessed in an unexpected way, the action can be halted and a human investigator notified to learn if the action was benign or malicious. These tools are helpful as criminal attacks have been developed that can shape-shift to evade the standard means of detection.
Here are some more highlights from the past year:
Boston Business Journal’s Fast 50 Class of 2025
Our growth comes from the trust our clients have in us, CEO Garin Livingstone said. When our clients succeed, we succeed. When they have success, they count on more of our services and many times refer us to other businesses. This growth lets Bryley invest more in our team and technology, which in turn better supports them to future success. Our relationship to our clients is a partnership.
Bryley Systems has earned a spot among the Boston Business Journal’s Fast 50 [paywall], recognizing the company as one of Massachusetts’ fastest-growing private companies based on three-year growth.
The recognition validates Bryley’s partnership-driven approach. Growth enables the company to reinvest in team development and technology infrastructure, creating a positive cycle that benefits clients. Success breeds referrals, which fuel further expansion and service improvements.
Where you going with that data?
COO Anna Darlagiannis-Livingstone said, the direction technology has gone has made it really easy for people to just go ahead and set things up for themselves. But are they thinking about the big picture? Anna said this specifically thinking about a number of similar M365 Copilot issues Bryley’s seen – not issues with reliability, but in surfacing data in unintended ways.
Here’s an example (in this case your organization doesn’t even need to have Copilot turned on to be vulnerable): a vendor is invited to a Teams meeting. After the vendor leaves, your people continue discussing project details and share confidential documents. But unless permissions are revoked, the vendor still has access to the meeting (and those documents). Copilot on the vendor’s M365, searching for answers to its user’s query, can now access this sensitive information, potentially exposing it to unauthorized people. Copilot’s ability to pull data from multiple sources (OneDrive, SharePoint, Teams) to answer a question like ‘what were last quarter’s sales figures?’ could reveal confidential data to someone who shouldn’t have access.
The main take-away is to think about data management early on.
No matter how small it may seem, Anna said, the consequences may be large if you don’t think it through.
Eleventh MSP 501 recognition
Bryley achieved its 11th MSP 501 Recognition: The award is based on an independent 60-point evaluation that includes measures of financial fitness to identify IT providers with true operational strength – it’s a tool for organizations to vet IT suppliers – the main point of IT is to be dependable and work dependably. With eleven awards, Bryley has consistently demonstrated its solidity.
Tom Barnes Certified in Cybersecurity
Director of Client Services Tom Barnes was Certified in Cybersecurity through ISC2 (International Information System Security Certification Consortium) to strengthen his knowledge of the security protocols underlying CMMC and other compliance standards.
Uptime Mindset
With the right mindset, tech investments are protected, operations run smoother and customers get the consistency that encourages them to keep coming back, with that in mind Bryley has begun to explore what makes for ideal IT and we’re calling it the Uptime Mindset. The thinking includes reliable backup, of course, but also backup ways of communicating with staff in an emergency, assigning emergency roles and keeping emergency plans up-to-date. The biggest take-away is not to imagine perfection (because things happen), but to be able to be up-and-running again as efficiently and with as little stress as possible.
CMMC date
November 10 was the date the Department of Defense (DoD) activated the Cybersecurity Maturity Model Certification (CMMC) program. The US government’s contracting officers can now require CMMC certification as a condition for awarding new contracts. The implications for organizations seeking military contracts are addressed here.
And updates on 2025 stories
Throughout my own university education, I didn’t have a single lecture on it … given that cybercrime is the single most common form of crime, this omission is unacceptable, Criminologist Dr Julia Shaw said. In 2025 she wrote a book on environmental crime, and makes a helpful observation from fighting environmental crimes that can be as easily applied to dealing with cybercriminals: be really annoying, so criminals move on (layered security can be like this – one impediment after another).
Prompt-injection attacks – malicious prompts for a user’s AI agent hidden on a visited web page – are a serious case against having an LLM (Large Language Model like ChatGPT) process untrusted content. Over the course of the year we saw researchers fuzz prompts to try and solve them (fuzzing here is borrowed from coding; minor deviations are introduced into each prompt to try to isolate and address what causes the agent to fail). Bruce Schneier writes pretty convincingly that this kind of vulnerability may be here to stay.
About a year ago we shared a youtubed NYU conference with Dr Pascal Wallisch and Pastor John Kim. At the time Pastor Kim spoke of making sure good people are in there (like at Google and Meta) contributing to the decisions about AI’s use. At the end of 2025 Pastor Kim addressed Harvard’s Center for Christianity and the Common Good. In this talk he describes being an early investor in these technologies, and considers himself an optimist regarding the technologies.
Kim’s message is that we should use these tools for the betterment of the world, but with a wary eye for overstated promises: I don’t know about you but when I look at the Techno-Optimist Manifesto, when I look at the language that most big tech has bought into, I don’t see heaven on earth as much as the Tower of Babel.
The Cyber Trust Mark arrived last year with the aim of giving guidance to consumer purchases of IoT devices (Internet of Things devices, like cloud-based security cameras) because of the security risks these may pose. The initiative has somewhat languished, but this month (Jan. 8) a new head is being sought for the program. The program feels a worthy attempt to encourage US consumers to limit their exposure to foreign surveillance – a caveat is that consumers may have an initial assurance, but vulnerabilities are often found after the sale, so firmware updates or replacement may be needed – the device owners still need to pay attention.
