The Security Blog Nobody Asked For (But Somebody Had to Write)
Most security content isn't written for people like me. And if you've found your way here, I suspect it isn't written for people like you either.
It's written for organizations with a twenty-person security team and a seven-figure tooling budget. It'
cybersecurity · 17 Apr 2026
Stop Treating Security Like a Gatekeeper (Start Treating It Like a Guardrail)
There’s a meeting that happens at every software company. A developer walks in and says, “We need to ship this feature by Friday.” The security team says, “We haven’t done a review yet.” The developer says, “The review takes three weeks.” The security team says, “That’s the
cybersecurity · 15 Apr 2026
A CISO’s Take on “Your Agent Is Mine”
New research out of UC Santa Barbara and Fuzzland should be mandatory reading for any security team that has greenlighted LLM agents in production.
The paper, “Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain,” formalizes something most of us have been hand-waving past. Every LLM
Building a security program for edtech when your customers are the auditors
How a small software company navigates higher ed security reviews, HECVAT questionnaires, and the fact that every customer has their own definition of “good enough.”
If you sell software to higher education, you already know that the procurement process involves a security review. What you might not appreciate until you’
cybersecurity · 26 Mar 2026
Running NIST SP 800-53 Controls on a Team That Fits in a Conference Room
We’re a small software company. Everyone fits in a conference room. And we run a full 800-53 Rev. 5 compliance program across twenty control families