all_articles
2026-03-23
FedRAMP 20x
Agentic systems can easily become simulacra. Without governance anchored in genuine human intent, we get organizations that are perfectly, continuously, autonomously convinced they’re secure... until reality proves otherwise.
2026-03-05
FedRAMP 20x
FedRAMP 20x isn't an overhaul of compliance. It is an extension of engineering best practices into compliance. In other words, compliance is now a function of Site Reliability Engineering.
2026-02-11
self-reflection
Attempting to capture what writing really means to me.
2026-02-08
cybersec_strategy
The mathematics of thresholds maps directly onto cybersecurity. Dynamical systems theory provides the vocabulary to describe how security operations actually work, and how to measure whether they’re working.
2026-01-13
FedRAMP 20x
Series: Converging on Trust • Part 3
Systems that optimize on engagement diverge against trust. Exploring the security risks of engagement-optimization in generative AI platforms used by government.
2025-12-18
FedRAMP 20x
Series: Converging on Trust • Part 2
How public and private sector organizations with different incentive structures can converge on shared security goals through measurable trust.
2025-12-11
compliance_automation
How a shift in perspective opens up automated validation and reporting, even for "non-technical" controls, and why this matters for modern compliance.
2025-11-06
risk_assessment
What if you could assess risk across any Cloud Service Provider in 15 minutes with nothing but a laptop, and repeat it continuously?
2025-10-22
Cybersecurity
There are many great cybersecurity tools on the market, but buying good tools won't automatically give you good security. Just as you can't buy a hammer and expect it to build a house, tools need capable operators in order for them to be effective.
2025-10-08
FedRAMP 20x
Series: Converging on Trust • Part 1
From ancient Greek navigators to predictive security: how feedback loops and self-adaptation are transforming government compliance.
2025-09-11
military_values
A reflection on military service, integrity, and the implications of political decisions affecting those who have served.
2025-08-29
intelligence_systems
It's important that we maintain access to fact-based, diverse perspectives on global and local issues that affect us. I've created an app that curates information from a wide range of reputable sources and creates custom daily reporting for me on events and trends that I care about.
ai_insight.md
2025-08-18
ai_vulnerability_management
Series: Beyond the CVE • Part 2
How artificial intelligence transforms vulnerability management from static data points into dynamic, context-aware intelligence that dramatically improves both accuracy and operational efficiency.
2025-08-15
vulnerability_management
Series: Beyond the CVE • Part 1
CVEs get a lot of attention, but they are at the tip of a pyramid when it comes to vulnerability management. This article contextualizes CVE findings to show teams how to build a solid foundation for effective vulnerability management.
2025-08-04
digital_transformation
A new type of engineer is emerging - the "transformation engineer." Understanding and empowering them may be crucial for competitive advantage in the tumultuous times ahead.
2025-07-18
compliance_automation
Why most compliance automation fails at the engineering reality check, and how to build validation that actually works using unit and function tests.
2025-05-27
opa_policy
How Open Policy Agent (OPA) transforms compliance from a cost center into a competitive advantage for cloud service providers.
2025-05-14
sbom
Discover how Software Bills of Materials (SBOMs) are transforming cloud security and compliance practices.
2025-04-28
devsecops
Exploring why hardened components in your CI/CD pipeline are essential for security, from DIY approaches to vendor solutions.
2025-04-18
cybersec_strategy
Exploring how complexity itself has emerged as a meta-risk that overshadows conventional cybersecurity threats.
2025-04-10
container_security
Series: See What Attackers See • Part 2
Learn how organizations can define and track ephemeral technology components in containerized environments.
2025-03-25
cybersecurity
Series: See What Attackers See • Part 1
Learn how to ethically assess the thoroughness of public asset inventory practices using free, open-source tools like Nmap, Masscan, Amass, and Shodan.
2025-03-13
artificial_intelligence
Learn how to unlock the power of AI on your ordinary laptop - no subscriptions, no privacy concerns, and no fancy hardware required.
2025-02-25
cloud_security
How to implement a comprehensive vulnerability management workflow in AWS for under $50,000
2025-02-01
compliance_as_code
How to implement compliance-as-code in AWS using GitOps and automated security control validation
2025-01-19
vpn_analysis
Going down the rabbit hole while attempting to uninstall ProtonVPN - persistence mechanisms and security implications