My Writing

I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.

• Communication Handling High-Profile Vulnerabilities
  When a high-profile vulnerability surfaces, executives and customers want to know whether it affects you. With a one-page brief and a short process, you can capture the key details and reach the...
• Tools Securing API Keys on Your Workstation
  Every dev tool you grant API access to, AI assistants included, can read the keys within its reach. No setup removes that risk entirely, so the goal is fewer secrets exposed and less damage when one...
• Privacy Security of Third-Party Keyboard Apps on Mobile Devices
  Keyboard apps offer better predictions, voice transcription, and AI-powered writing, all requiring users to send what they type to remote servers. Mobile OS vendors set the rules but can't enforce...
• Assessments A Report Template for Security Assessments
  The technical severity of an assessment finding tells only part of the story. A customizable report template helps you document the scope, rate findings by risk, and write for the executives and...
• Encryption The Past, Present, and Future of the Web's Trust Model
  Observability, short-lived credentials, and active enforcement hold the web's trust model together. Without them, a decade of Certificate Authority failures would've collapsed it. Will those same...
• Threat Intelligence A Report Template for Cyber Threat Intelligence
  Cyber threat intelligence analysts produce credible reports by weighing signals at tactical, operational, and strategic levels. A customizable CTI report template helps analysts capture activity,...