Welcome to my website, where I write about cybersecurity, compliance automation, policy-as-code, and philosophy. I share practical insights and personal observations that I've picked up over the years, based on my unique perspective that draws from military, industry, government, and personal experience.
20x bets that automated KSI validation makes inventory questions answerable without a separate inventory deliverable. That bet only pays off if KSIs themselves carry standardized component references.
Agentic systems can easily become simulacra. Without governance anchored in genuine human intent, we get organizations that are perfectly, continuously, autonomously convinced they’re secure.
FedRAMP 20x isn't an overhaul of compliance. It is an extension of engineering best practices into compliance. In other words, compliance is now a function of Site Reliability Engineering.
2023
Join me on a journey across America, from eastern cities to western deserts, as I search for what's really valuable.
2021
An open-minded exploration of reality using Occam's razor and the scientific method.