My Writing

I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.

• Product Management A Practitioner's Guide for Creating Cybersecurity Products
  Strong technology alone doesn't make a successful security product. This guide presents the strategic questions that security product managers and startup founders should answer early, covering...
• Leadership From Chief Opinion Officer to Action-Taker
  Security leaders who only assess risks and express concerns operate as Chief Opinion Officers rather than change agents. Delivering outcomes requires agreeing with colleagues on what's real, deciding...
• Leadership What Being a CISO Taught Me About Security Leadership
  A four-point framework to succeeding as a CISO, based on my experiences of building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and...
• Malware Analysis REMnux v8: 15 Years of Building a Malware Analysis Toolkit
  REMnux v8 adds AI capabilities, updates the tools and the base OS, and uses a new, more resilient installer. After 15 years and eight major releases, the toolkit continues to evolve to reflect the...
• Malware Analysis Using AI Agents to Analyze Malware on REMnux
  To analyze malware effectively, AI agents need practitioners' expertise and access to the analysis tools. The REMnux MCP server provides both, connecting AI to 200+ tools on REMnux with guidance on...
• Leadership The Chief Insecurity Officer
  What if the CISO's job isn't to maximize security but to calibrate the right amount of insecurity? Reframing the role this way turns security leaders from obstacles into enablers of business velocity.