The Security Leader's Job Is to Design Systems
Security capabilities fail when they are built as activities instead of systems. A security leader’s real job is to tell the two apart, turn the activities into systems, and keep...
Documenting the intersection of system architecture, cybersecurity protocols, and engineering leadership.
Security capabilities fail when they are built as activities instead of systems. A security leader’s real job is to tell the two apart, turn the activities into systems, and keep...
For years we said security is a process, not a product. That was right, and it still is. What changed is that the modern security...
Specialist-only career models no longer fit modern security organizations. T-shape, depth in one specialty and fluency across the others, is the floor of the modern...
On May 11 between 19:20 and 19:26 UTC, 84 malicious @tanstack/* npm versions shipped with valid SLSA Build Level 3 provenance. The signatures verified. The...
Practical takeaways from the May 2026 TanStack compromise. How to harden CI/CD trust primitives, and how to resize the operating model around modern security artefacts....
A small Slack-native vulnerability coordination workflow POC built on free-tier SaaS, with Postgres as the spine, n8n as deterministic glue, and an LLM constrained to...
A walkthrough of the April 2025 CI/CD incident at Grafana Labs - one small misconfiguration, fast detection thanks to canary tokens, and why preparation beats...
The NVD cutbacks are not a funding crisis. They are a design crisis. Monolithic vulnerability intelligence never matched the shape of the actual problem, and...
Agentic development doesn’t just change how fast software is written. It changes who makes security decisions, and at what scale. Here’s what that actually means...
How to collect, visualize, and communicate actionable AppSec metrics that bridge the gap between security engineering and leadership priorities.
If you want to build an appsec program, here are five valuable recommendations to take into consideration.