My Writing

I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.

• Tools Plant Honeytokens to Detect Intrusions
  Plant decoy credentials, configs, and URLs to surface an attack the rest of your stack might miss. Deployment scenarios include MCP server entries, AWS API keys, and Cloudflare Workers serving fake...
• Tools The Personal AI Stack: A Power User's Guide
  An AI tool like Claude Code gives you solid general-purpose capabilities out of the box. To make it truly indispensable, add the layers that teach it who you are, how you work, and what you do.
• Risk Management Trust Boundary of SaaS Will Include Customers' AI Agents
  SaaS vendors should assess whether their trust boundary includes customers' AI agents. Liability has pushed banks toward securing the customer's device four times, and the fifth wave is forming...
• Artificial Intelligence What to Make of AIUC-1, a New AI Agent Certification
  New certifications start as claims and earn credibility through cycles of scrutiny. AIUC-1, a compliance framework for AI agent vendors, is at that starting point. How its structure, governance, and...
• Product Management Scoring Your Security Product Strategy in the AI Era
  AI has made commodity software easy to produce, leaving traditional SaaS exposed. Applied to cybersecurity, a seven-dimension rubric scores security product strategies to help leaders identify...
• Product Management How Modern Product Design Principles Strengthen Security
  Unnecessary complexity makes products hard to maintain and hard to secure. Modern apps such as Cloudflare's EmDash and Tailscale show that designing for simplicity produces stronger security as a...