cybersecurity

compliance
30 Apr 2026

Reading: The CISO Skill Nobody Talks About

There's a skill that underpins almost everything a CISO does, and it never shows up on job postings. It's reading. Long documents. Cover to cover. Over and over again. No tool, platform, or AI can replace the understanding that comes from actually doing the reading yourself.
8 min read
cybersecurity
17 Apr 2026

Stop Treating Security Like a Gatekeeper (Start Treating It Like a Guardrail)

There’s a meeting that happens at every software company. A developer walks in and says, “We need to ship this feature by Friday.” The security team says, “We haven’t done a review yet.” The developer says, “The review takes three weeks.” The security team says, “That’s the
5 min read
cybersecurity
15 Apr 2026

A CISO’s Take on “Your Agent Is Mine”

New research out of UC Santa Barbara and Fuzzland should be mandatory reading for any security team that has greenlighted LLM agents in production. The paper, “Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain,” formalizes something most of us have been hand-waving past. Every LLM
4 min read
edtech
02 Apr 2026

Building a security program for edtech when your customers are the auditors

How a small software company navigates higher ed security reviews, HECVAT questionnaires, and the fact that every customer has their own definition of “good enough.” If you sell software to higher education, you already know that the procurement process involves a security review. What you might not appreciate until you’
18 min read
cybersecurity
26 Mar 2026

Running NIST SP 800-53 Controls on a Team That Fits in a Conference Room

We’re a small software company. Everyone fits in a conference room. And we run a full 800-53 Rev 5 compliance program across twenty control families
12 min read