My Writing

I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.

• Risk Management Understand the Reality of the SOC 2 Checkbox
  SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value...
• Product Management Most Cybersecurity Products Aren't Platforms and It's OK
  The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Let's draw a distinction between a platform and a...
• Artificial Intelligence Build Better Security Product Strategies Using Your AI Tool
  Generic AI gives generic product strategy advice. With my domain-specific frameworks and MCP server, you can use your AI agent to develop strategies, stress-test plans against practitioner criteria,...
• Artificial Intelligence Competing in Endpoint Security: A Guide for Startups
  There are areas where endpoint security startups can build viable, useful products, but those openings shift as adjacent categories converge and incumbents absorb new capabilities. Founders, buyers,...
• Product Management Building Security Products for SMBs
  Building security products for SMBs differs from enterprise markets in distribution, pricing, and product design. Vendors who merely repackage enterprise solutions at a lower price point struggle,...
• Product Management A Practitioner's Guide to Creating Cybersecurity Products
  Strong technology alone doesn't make a successful security product. This guide presents the strategic questions that security product managers and startup founders should answer early, covering...