CISO Suite

5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook

Let's be honest about the legacy Risk Management Framework (RMF): for the last decade, achieving an ATO has been less about actual cybersecurity and more about creative writing. We built three-year "snapshot" ...

What GEO Looks Like for Cybersecurity Buyers: CISOs, CIOs, and Security Teams

Security buyers research vendors in AI tools before a sales rep ever hears from them. The way a CISO interrogates ChatGPT looks nothing like how a marketer does. Here is what GEO ...
Four Lessons From a Founder to Build and Scale a Cybersecurity Company That Lasts

In the early stages of building a business, even experienced leaders don’t know if they will succeed. Many start with strong ideas, yet 90% of startups fail. Pushing through requires hard work, ...
Security Boulevard

Ten Skills I Gained Building Tech Companies (That I Wish I’d Learned Sooner)

The ten skills that actually move the needle for tech founders, from a CIAM founder who scaled to a billion users and is now building in AI security ...
Essay — Effort Is No Longer a Defense

No longer can you check a box and walk away. NIS2 is changing the game. Image: Nano Banana 2. From Board to Breach: The Accountability Chain NIS2 Just Made Explicit. For nineteen years, Verizon’s Data Breach ...
Managing Open Source Software Risks With the HeroDevs EOL Dashboard

Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...

Why strategic CISOs need proactive risk reduction, not reactive GRC reporting

Security and GRC teams have no shortage of risk mitigation activities. They are carrying more work than ever, yet many still lack confidence in the data and recommendations produced by all that ...
The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

There is a term that has quietly become the most accurate description of how enterprise security operates in 2026, and it did not come from a CISO, a standards body, or a ...
Security Boulevard
One step at a time

One step at a time. Post 6 in the Factory Series. Factory Series Part 6. In 2007, I walked into a Scandinavian food-production facility and reached the production floor in under an hour. No badge. No appointment ...
Mythos AI: What Security Leaders Should Do Next

The recent discussion around Anthropic’s Claude Mythos Preview and Project Glasswing has caught the attention of the cybersecurity industry for good reason. Mythos is not just another AI announcement. It is being ...