My Writing
I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.
- Threat Intelligence: Six Signals for Threat Attribution
  Intelligence analysts weigh six signals together to build defensible attribution to a threat actor. For each one, they use a disciplined methodology we can cite and stress-test.
- Deception: Plant Decoy Personas to Detect Impersonation Attacks
  Decoy personas extend honeytoken thinking to user accounts and public profiles. The technique gives defenders a tripwire on the identity surface that other detection layers don't cover.
- Artificial Intelligence: Making Sense of Security for AI: The AI Defense Matrix
  The AI Defense Matrix maps eight AI asset classes to NIST CSF functions, giving security leaders one grid to assign ownership, find gaps, and select controls. Sounil Yu and I co-authored it as the...
- Tools: Build a Decoy MCP Server to Catch AI Agent Attackers
  Your AI agent's MCP config can be a target for an attacker who reaches your machine. A decoy MCP server entry pointing at a Cloudflare Worker can reveal the attacker's presence and their intent.
- Tools: Plant Honeytokens to Detect Intrusions
  Plant decoy credentials, configs, and URLs to surface an attack the rest of your stack might miss. Deployment scenarios include MCP server entries, AWS API keys, and Cloudflare Workers serving fake...
- Tools: The Personal AI Stack: A Power User's Guide
  An AI tool like Claude Code gives you solid general-purpose capabilities out of the box. To make it truly indispensable, add the layers that teach it who you are, how you work, and what you do.