Articles on Leadership

Below are my perspectives on Leadership, drawn from my work as a security leader and practitioner.

• Leadership When Executives Reject Your Security Recommendation
  A rejected security recommendation feels personal, but it often reflects competing demands the security team doesn't fully see. Knowing how to act on that reality helps the CISO become someone the...
• Leadership Security Governance at the Speed of Vibe Coding
  Employees who've never written code now build production apps using AI, without security review, dependency scanning, or enterprise oversight. The SaaS and DevOps transitions give security teams a...
• Assessments Scope Security Assessments for Attack Paths, Not Org Charts
  When assessment scope follows organizational lines, gaps open where team boundaries meet and real attackers don't stop. Pulling adjacent teams into the scoping conversation and following attack logic...
• Risk Management Understand the Reality of the SOC 2 Checkbox
  SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value...
• Product Management Most Cybersecurity Products Aren't Platforms and It's OK
  The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Let's draw a distinction between a platform and a...
• Product Management Building Security Products for SMBs
  Building security products for SMBs differs from enterprise markets in distribution, pricing, and product design. Vendors who merely repackage enterprise solutions at a lower price point struggle,...