Reading: The CISO Skill Nobody Talks About
There's a skill that underpins almost everything a CISO does, and it never shows up on job postings. It's reading. Long documents. Cover to cover. Over and over again. No tool, platform, or AI can replace the understanding that comes from actually doing the reading yourself.
cybersecurity · 17 Apr 2026
Stop Treating Security Like a Gatekeeper (Start Treating It Like a Guardrail)
There’s a meeting that happens at every software company. A developer walks in and says, “We need to ship this feature by Friday.” The security team says, “We haven’t done a review yet.” The developer says, “The review takes three weeks.” The security team says, “That’s the
cybersecurity · 15 Apr 2026
A CISO’s Take on “Your Agent Is Mine”
New research out of UC Santa Barbara and Fuzzland should be mandatory reading for any security team that has greenlighted LLM agents in production.
The paper, “Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain,” formalizes something most of us have been hand-waving past. Every LLM
Building a security program for edtech when your customers are the auditors
How a small software company navigates higher ed security reviews, HECVAT questionnaires, and the fact that every customer has their own definition of “good enough.”
If you sell software to higher education, you already know that the procurement process involves a security review. What you might not appreciate until you’
cybersecurity · 26 Mar 2026
Running NIST SP 800-53 Controls on a Team That Fits in a Conference Room
We’re a small software company. Everyone fits in a conference room. And we run a full 800-53 Rev 5 compliance program across twenty control families