As 2025 draws to a close and 2026 begins, I find myself reflecting on where we've been, and more importantly, where we're heading. In my role as an independent architect specializing in identity, security, enterprise architecture, and cloud platforms, the turn of the year is more than a calendar change. It's an opportunity to reset priorities.
The past year was packed with innovation and noise, from the rise of new AI tools to an ever-expanding cloud ecosystem. Amid all that, one lesson rings louder than ever:
Cut through the hype. Concentrate on what truly matters. Clarity and focus will be my guiding principles for 2026: a compass to navigate the tech landscape without getting lost in it.
A Return to First Principles
In 2025, I reached a personal milestone by completing a Stanford Cryptography Certificate program. Working through encryption algorithms and protocols under the guidance of experts like Dan Boneh was both challenging and invigorating.
After two decades in the field, going back to the mathematical bedrock of security served as a powerful reminder: no matter how advanced our architectures become, robust security still rests on well-understood fundamentals.
That experience didn't just expand my expertise in cryptography. It rekindled my appreciation for clarity. The kind that comes from understanding the building blocks of our craft inside out.
The Evolving Regulatory Landscape
This renewed focus on fundamentals dovetails with broader shifts in the security landscape. Consider the evolving regulatory environment: in the EU, the NIS2 directive has come into force, vastly expanding the number of organizations obligated to maintain robust cybersecurity practices.
NIS2 aims to establish a "high common level" of security across critical sectors. The numbers are staggering:
Roughly 150,000 entities now fall under NIS2's scope, around ten times more organizations than the original directive. Security leaders must now quantify risks and address cybersecurity at the board level.
Notably, even regulators acknowledge the role of innovation. NIS2 explicitly encourages the use of emerging technologies like artificial intelligence to improve threat detection and prevention. This melding of compliance and forward-looking technology sets the stage for critical architecture decisions in 2026.
We architects must design systems that satisfy these stricter requirements while keeping the organization agile and future-ready.
Embracing Adaptive Architectures
In parallel, the way we design systems is evolving to meet unprecedented complexity. I've become a firm believer in adaptive architectures, building systems flexible enough to absorb surprises and "bend, not break" under stress.
Instead of assuming perfect conditions, we need designs that cooperate with real-world variability and incomplete information:
- A sudden spike in traffic
- A new compliance mandate
- A supply-chain disruption
An adaptive architecture can gracefully adjust where a rigid one might collapse. Embracing cloud-native platforms is a practical step in this direction. They provide the foundation for scalability and flexibility, allowing organizations to deploy and adapt solutions faster than ever while maintaining resilience.
In essence, it's about building with change in mind, accepting that unpredictability is the norm and engineering systems to thrive in that reality.
AI in Identity and Security
Artificial intelligence has graduated from buzzword to indispensable tool in identity and security. In IAM, AI and machine learning are no longer just handy features. They're becoming the very foundation of how we handle authentication and detect anomalies.
Modern IAM solutions can learn user behavior patterns and make adaptive, context-aware access decisions in milliseconds, outpacing what any static rule set could achieve. In cybersecurity operations, AI-driven defenses help us operate at machine speed, identifying patterns and threats that human analysts might miss.
Of course, adversaries are innovating too. Attackers wield AI for evasion and automation, which only raises the stakes. The goal is clear: let AI do what it does best, speed and scale, while we humans maintain the clarity to guide it wisely.
Strategy Over Speed
Another resolution for 2026: a deliberate bias toward strategy over speed. It's tempting to chase quick wins or jump on every shiny new trend, but experience has taught me the pitfalls of that approach.
Rushed fixes and ad-hoc projects often create more problems than they solve, leading to what I call architectural debt: a compounding liability that erodes long-term value.
Without a strong, scalable, well-integrated architecture, it's like building a house on sand. If you don't lay a solid foundation, those rapid hacks will eventually crumble.
This year, I'm tempering the impulse to "move fast and break things" and investing time in coherent, long-term plans. That means:
- Saying "no" to projects that don't align with core objectives
- Saying "no" to tools that solve trivial problems at the expense of added complexity
- Saying "yes" to the unglamorous work of simplification and integration
By pacing ourselves strategically, we can still innovate, but in a way that's sustainable and aligned with the bigger picture.
The Path Forward
All these threads, honing core skills, meeting regulatory demands, crafting adaptive systems, leveraging AI wisely, and favoring strategy over hype, come back to the twin themes of clarity and focus.
As 2026 begins, I plan to stay clear-eyed about what truly matters: building secure, adaptable architectures that stand the test of time.
- Clarity means having a well-defined vision and principles that guide every design decision, even as new technologies emerge.
- Focus means executing on that vision without getting sidetracked by every novelty or panic of the day.
In a field as dynamic as ours, this is easier said than done, but it's more important than ever. By grounding ourselves in purpose and principles, we can navigate whatever this year brings and deliver value that lasts.
Here's to a 2026 defined not by how fast we go, but by how well we steer.