My Writing

I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.

• Assessments Scope Security Assessments for Attack Paths, Not Org Charts
  When assessment scope follows organizational lines, gaps open where team boundaries meet and real attackers don't stop. Pulling adjacent teams into the scoping conversation and following attack logic...
• Risk Management Understand the Reality of the SOC 2 Checkbox
  SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value...
• Product Management Most Cybersecurity Products Aren't Platforms and It's OK
  The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Let's draw a distinction between a platform and a...
• Artificial Intelligence Build Better Security Product Strategies Using Your AI Tool
  Generic AI gives generic product strategy advice. With my domain-specific frameworks and MCP server, you can use your AI agent to develop strategies, stress-test plans against practitioner criteria,...
• Artificial Intelligence Competing in Endpoint Security: A Guide for Startups
  There are areas where endpoint security startups can build viable, useful products, but those openings shift as adjacent categories converge and incumbents absorb new capabilities. Founders, buyers,...
• Product Management Building Security Products for SMBs
  Building security products for SMBs differs from enterprise markets in distribution, pricing, and product design. Vendors who merely repackage enterprise solutions at a lower price point struggle,...