On Jen Easterly and Military Values
A reflection on military service, integrity, and the implications of political decisions affecting those who have served.
all_articles
Improving My Insight
It's important that we maintain access to fact-based, diverse perspectives on global and local issues that affect us. I've created an app that curates information from a wide range of reputable sources and creates custom daily reporting for me on events and trends that I care about.
ai_insight.mdBeyond the CVE Part 2: AI-Enhanced Contextual Vulnerability Management
How artificial intelligence transforms vulnerability management from static data points into dynamic, context-aware intelligence that dramatically improves both accuracy and operational efficiency.
Beyond the CVE Part 1: Contextualizing Findings for Holistic Vulnerability Management
CVEs get a lot of attention, but they are at the tip of a pyramid when it comes to vulnerability management. This article contextualizes CVE findings to show teams how to build a solid foundation for effective vulnerability management.
The Rise of the "Transformation Engineer" - And Why Your Organization Must Empower Them
A new type of engineer is emerging - the "transformation engineer." Understanding and empowering them may be crucial for competitive advantage in the tumultuous times ahead.
Compliance Reporting Is Easy - Validation Is The Hard Part
Why most compliance automation fails at the engineering reality check, and how to build validation that actually works using unit and function tests.
Same Code, Every Government: How OPA Unlocks Global Markets
How Open Policy Agent (OPA) transforms compliance from a cost center into a competitive advantage for cloud service providers.
The Many Uses of an SBOM
Discover how Software Bills of Materials (SBOMs) are transforming cloud security and compliance practices.
Harden First, Patch Less: The Economics of Secure CI/CD
Exploring why hardened components in your CI/CD pipeline are essential for security, from DIY approaches to vendor solutions.
When Complexity Itself Becomes the Most Critical Risk
Exploring how complexity itself has emerged as a meta-risk that overshadows conventional cybersecurity threats.
See What Attackers See (Part II): Defining and Tracking An Inventory of Ephemeral Components
Learn how organizations can define and track ephemeral technology components in containerized environments.
See What Attackers See: Validating the Security of Public Asset Inventories Using Free, Open-Source Tools
Learn how to ethically assess the thoroughness of public asset inventory practices using free, open-source tools like Nmap, Masscan, Amass, and Shodan.
DIY AI: Running an LLM On Any Standard Laptop For Free
Learn how to unlock the power of AI on your ordinary laptop - no subscriptions, no privacy concerns, and no fancy hardware required.
Cost-Effective Vulnerability Management in AWS
How to implement a comprehensive vulnerability management workflow in AWS for under $50,000
Building a Compliance Automation Pipeline in AWS For Less Than $5000
How to implement compliance-as-code in AWS using GitOps and automated security control validation
Investigating ProtonVPN's Persistence Mechanisms: A Security Deep Dive
Going down the rabbit hole while attempting to uninstall ProtonVPN - persistence mechanisms and security implications