Security is a Side Effect
Updated May 9, 2026
The cybersecurity industry's product-centric model creates a market equilibrium that actively disincentivizes platform-level fixes, which would deliver far greater security improvement per dollar.
With the rise of the red team in cybersecurity, we also became more and more familiar with the term "blue team." In the context of cybersecurity, this term is typically reserved for folks who serve the incident response function. If the red team breaks into the organization, surely the blue team is the specific group of people responsible for responding to the break-in, right? Well... I'm not so sure.
I cannot guarantee that you will run a successful team, but I can absolutely give you advice on how to fail. Should you choose to heed my advice, your red team will surely fail in stellar fashion.
We're faced with a never-ending stream of decisions every day in an effort to secure our environments. Some decisions offer much higher leverage than others, and those are the ones you should focus on first, especially in a small organization.
Offensive security people seem to spend a lot of time debating simulation vs emulation. Hot take: It doesn't matter.