Writing

How to Guarantee You Get Hacked: A 5-Step Guide

Updated May 30, 2026

I cannot guarantee that you will never get hacked. But if you are looking to get hacked then I have some fantastic advice for you. Follow these 5 simple steps and there will be dozens of attackers pretending to be you in no time.

Building From Source is No Panacea

Updated May 27, 2026

An oft-repeated mantra about building dependencies from source is misguided at best and fear-mongering at worst, and now companies are springing up to capitalize on that fear. Who can you trust?

All Our Eggs, One Basket

Updated May 26, 2026

We're often told not to put all our eggs in one basket. But information isn't eggs, and the basket might be the safest place for it.

Building Effective Guardrails

Updated May 18, 2026

LLMs are churning out "junior" developers faster than ever before. Fewer and fewer people understand the code that is shipping to production. Here are a handful of techniques to add guardrails to your environment before someone --dangerously-skip-permissions their way into a production incident.

Security is a Side Effect

Updated May 9, 2026

The cybersecurity industry's product-centric model creates a market equilibrium that actively disincentivizes platform-level fixes, which would deliver far greater security improvement per dollar.

Red vs Blue

Updated June 2, 2025

With the rise of the red team in cybersecurity, we also became more and more familiar with the term "blue team." In the context of cybersecurity, this term is typically reserved for folks who serve the incident response function. If the red team breaks into the organization, surely the blue team is the specific people responsible for responding to the break in, right? Well... I'm not so sure.

How to Guarantee Your Red Team Will Fail

Updated May 19, 2025

I cannot guarantee that you will run a successful team, but I can absolutely give you advice on how to fail. Should you choose to heed my advice, your red team will surely fail in stellar fashion.

High Leverage Security Decisions

Updated May 12, 2025

We're faced with a neverending stream of decisions every day in an effort to secure our environments. Some decisions offer much higher leverage than others, and those are the ones you should focus on first, especially in a small organization.

Simulation vs. Emulation

Updated May 3, 2025

Offensive security people seem to spend a lot of time debating simulation vs emulation. Hot take: It doesn't matter.

Stay in the loop

Powered by Buttondown.