Converging on Trust: Part Two - How The Engagement Model Diverges

Systems that optimize for engagement diverge from trust. Exploring the security risks of engagement optimization in generative AI platforms used by government.

Converging on Trust: Measuring The Effectiveness Of Security Outcomes Across Public and Private Incentives

How public and private sector organizations with different incentive structures can converge on shared security goals through measurable trust.

Yes, You Can Automate That

How a shift in perspective opens up automated validation and reporting, even for "non-technical" controls, and why this matters for modern compliance.

How to Assess Risk in 15 Minutes

What if you could assess risk across any Cloud Service Provider in 15 minutes with nothing but a laptop, and repeat it continuously?

Why You Can't Buy Security (But You Can Build It)

There are many great cybersecurity tools on the market, but buying good tools won't automatically give you good security. Just as you can't buy a hammer and expect it to build a house, tools need capable operators in order for them to be effective.

while true: manage_risk()

From ancient Greek navigators to predictive security: how feedback loops and self-adaptation are transforming government compliance.

On Jen Easterly and Military Values

A reflection on military service, integrity, and the implications of political decisions affecting those who have served.

Improving My Insight

It's important that we maintain access to fact-based, diverse perspectives on global and local issues that affect us. I've created an app that curates information from a wide range of reputable sources and creates custom daily reporting for me on events and trends that I care about.

Beyond the CVE Part 2: AI-Enhanced Contextual Vulnerability Management

How artificial intelligence transforms vulnerability management from static data points into dynamic, context-aware intelligence that dramatically improves both accuracy and operational efficiency.

Beyond the CVE Part 1: Contextualizing Findings for Holistic Vulnerability Management

CVEs get a lot of attention, but they are at the tip of a pyramid when it comes to vulnerability management. This article contextualizes CVE findings to show teams how to build a solid foundation for effective vulnerability management.

The Rise of the "Transformation Engineer" - And Why Your Organization Must Empower Them

A new type of engineer is emerging - the "transformation engineer." Understanding and empowering them may be crucial for competitive advantage in the tumultuous times ahead.

Compliance Reporting Is Easy - Validation Is The Hard Part

Why most compliance automation fails at the engineering reality check, and how to build validation that actually works using unit and function tests.

Same Code, Every Government: How OPA Unlocks Global Markets

How Open Policy Agent (OPA) transforms compliance from a cost center into a competitive advantage for cloud service providers.

The Many Uses of an SBOM

Discover how Software Bills of Materials (SBOMs) are transforming cloud security and compliance practices.

Harden First, Patch Less: The Economics of Secure CI/CD

Exploring why hardened components in your CI/CD pipeline are essential for security, from DIY approaches to vendor solutions.

When Complexity Itself Becomes the Most Critical Risk

Exploring how complexity itself has emerged as a meta-risk that overshadows conventional cybersecurity threats.

See What Attackers See (Part II): Defining and Tracking An Inventory of Ephemeral Components

Learn how organizations can define and track ephemeral technology components in containerized environments.

See What Attackers See: Validating the Security of Public Asset Inventories Using Free, Open-Source Tools

Learn how to ethically assess the thoroughness of public asset inventory practices using free, open-source tools like Nmap, Masscan, Amass, and Shodan.

DIY AI: Running an LLM On Any Standard Laptop For Free

Learn how to unlock the power of AI on your ordinary laptop - no subscriptions, no privacy concerns, and no fancy hardware required.

Cost-Effective Vulnerability Management in AWS

How to implement a comprehensive vulnerability management workflow in AWS for under $50,000.

Building a Compliance Automation Pipeline in AWS For Less Than $5000

How to implement compliance-as-code in AWS using GitOps and automated security control validation.

Investigating ProtonVPN's Persistence Mechanisms: A Security Deep Dive

Going down the rabbit hole while attempting to uninstall ProtonVPN: persistence mechanisms and security implications.