Blog

What sucks in security? Research findings from 50+ security leaders

A deep dive into what CISOs are actually complaining about

Systems Thinking for Cybersecurity Professionals

Let's hit RESET!

Sub-Venture Scale Security Problems

The Race to Make a Business of Secure Defaults

Don’t Security Engineer Asymmetric Workloads

Wiring a Winning Security Organization

Security is a Team Sport

A call to action, with practical advice

Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

A threat-informed roadmap for securing Kubernetes clusters

AI, Deepfakes, and Phishing

A round-up of AI and LLMs being applied to deepfakes and phishing

How pentesting mirrors the evolution of quality assurance

And why software engineering can help us to mature the security industry

AI Resources - Part 1

A collection of interesting AI tools, products, resources, papers, and more I’ve come across.

Software Supply Chain Vendor Landscape

An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more