About - Cultivating Security

Why Chat-Based AI Tools Fail in Operational Security: Building Capability vs. Productivity

January 28, 2026

Security Third: Why “Security First” Makes Organizations Less Secure

December 13, 2025

The Marquis Breach: What Happens When Your Vendor’s Security is Worse Than You Think

December 8, 2025

Willful Ignorance as a Security Vulnerability

December 3, 2025

When Your Vendor Drops a Security Layer (And Doesn’t Tell You)

December 24, 2025

Week 2: Understanding Your Environment Before You Try to Secure It

January 13, 2026

About

Growing Practical Security Wisdom in the Field

For over 25 years, I’ve been deep in the trenches of IT, with the last 15+ years focused specifically on Information Security, currently serving as Director of Information Security for a large community-focused financial institution in Illinois. But unlike much of what you’ll find in the security content ecosystem, my perspective isn’t shaped by academic theory or certification mills—it’s cultivated through decades of hands-on experience making real security decisions with real business consequences.

Why “Cultivating Security”?

The name reflects two core beliefs: first, that meaningful security insights grow from practical experience, not from textbook scenarios. Second, as someone who farms as well as secures systems, I understand that both agriculture and cybersecurity require patience, attention to environmental conditions, and the wisdom to know when conventional wisdom doesn’t apply to your specific situation.

What You’ll Find Here

This isn’t another blog rehashing vendor marketing or offering surface-level takes on the security incident du jour. Instead, I focus on deep, analytical examination of industry incidents and trends, connecting technical realities to business and regulatory implications.

When incidents happen—whether it’s a FinTech breach, a cloud provider outage, or a supply chain compromise—I’m not just asking ‘what happened?’ I’m exploring what it means for vendor risk frameworks, SaaS security strategies, and the operational decisions security leaders face every day.

Practical Experience Over Paper Credentials

I’ve deliberately chosen experience over formal credentials—no degree, no alphabet soup of certifications. My credibility comes from 25+ years of solving actual security problems, presenting at industry forums, and helping organizations navigate the gap between security theory and business reality.

This perspective shapes everything I write: security decisions happen in context, perfect solutions rarely exist, and the best analysis acknowledges complexity rather than oversimplifying it.