Commentary on cybersecurity culture, industry practices, and professional insights drawn from 25+ years in InfoSec. Challenging conventional thinking about security strategy, organizational behavior, and the evolving cybersecurity landscape.
Most incident response plans assume clean timelines and clear answers. Real incidents are messier—shaped by uncertainty, executive pressure, incomplete data, and human dynamics that matter as much as technical skill.
Best practices assume ideal conditions. Real security work rarely has them. This post explores how experienced practitioners apply judgment, weigh trade-offs, and decide when “good enough” is acceptable—and when it isn’t.
Passing an audit feels like progress—but it often masks real security gaps. This post explores why compliance is a baseline, not a strategy, and how security leaders can navigate audits without letting them define their security program.
Security work doesn’t fail because it’s wrong—it fails because it’s misaligned. This post breaks down what CISOs are actually accountable for, how pressure shapes priorities, and how to align security work with the realities of leadership decision-making.
Most failed security projects weren’t killed by bad technology. They failed in budget meetings, during change resistance, or without executive backing. Understanding those dynamics is what makes security work succeed.
Reporting security through IT creates structural tension that can limit influence without careful navigation. This piece explores how to communicate risk, build credibility, and make progress when security isn’t in charge.
Vendors present themselves as security partners, but their incentives rarely align with yours. This post examines the real dynamics behind vendor claims, SLAs, support models, and shared responsibility—and how security leaders should manage vendor risk without illusions.
Identity is the real perimeter in modern environments. As service accounts, API keys, and federated access sprawl across SaaS, cloud, and APIs, organizations lose visibility, control, and the ability to enforce least privilege—turning identity debt into one of the most dangerous and persistent cyber risks.
Most cybersecurity vendors now claim “AI integration,” but few can explain what their AI actually does or how it makes operational decisions. While chat-based AI tools like Microsoft Copilot excel at individual productivity tasks, they introduce dangerous variability when applied to operational security work that requires consistency, auditability, and institutional
Most security teams believe they have better visibility than they actually do. In modern SaaS and cloud environments, logging gaps are structural, costly, and often invisible until an incident exposes them.