Writing
Notes from the work.
Short, opinionated reads on the technology, security, and AI shifts founders and operators actually get burned by — breaches and email-security failures, the platform and infrastructure changes that break things quietly, and the AI decisions that carry real risk. No hot takes for their own sake. If it isn't useful, it doesn't get published.
Your company is already an AI company. Nobody approved it.
While leadership debates an AI policy, the team already pasted source code, customer lists, and contracts into ChatGPT. Shadow AI is the fastest-growing data-loss channel in business — here's how to govern it without pretending you can ban it.
Read the pieceMFA didn't fail. Your session cookie did.
Infostealers don't crack multi-factor auth — they skip it, by lifting the session cookie that proves you already logged in. Here's how pass-the-cookie attacks actually work, and the defenses that change the math.
ReadMicrosoft joined the party. Your email still isn't safe.
A year after Outlook started rejecting unauthenticated bulk mail, most senders think passing SPF, DKIM, and DMARC means they're done. Authentication is the ticket in — it was never the thing that gets you to the inbox.
ReadNew pieces land most weeks. Prefer them in your inbox? Reply to any note and say the word.
Get in touch
Let's talk.
Tell us what you're working on. We'll take it from there.