- AI Governance: Same Problems, Same Solutions
Aug 24, 2025
-
3 min read
AI governance challenges aren’t fundamentally new - they’re extensions of existing IT security problems like shadow IT, data inventory gaps, and data loss. Organizations with mature security programs already have the building blocks needed to govern AI, though some AI-specific challenges require additional consideration.
- AuthCon 2025 - Our journey to SaaS, and the identity challenges along the way
May 14, 2025
-
1 min read
I was invited to speak at the innagural AuthCon, the first Customer Identity and Access Management (CIAM) conference. During my presentation, I shared real-world insights from my company’s journey to SaaS. I outlined how customer identity and access management needs evolved across on-premises, hybrid, and cloud-native environments, and why building or buying the right identity features is critical for security, scalability, and customer satisfaction.
- BlueHat 2024: Security Challenges Are Universal (Just Ask Microsoft)
Oct 29, 2024
-
2 min read
After attending multiple security conferences this year, BlueHat 2024 stood out for all the right reasons: no vendors, no sales pitches, just pure technical content. The dual perspectives from security researchers and Microsoft’s Security Response Center revealed that every security team faces the same fundamental challenges, just at different scales.
- Streamlining SSH Key Management with 1Password
Oct 14, 2024
-
4 min read
Fed up with losing SSH keys during my annual machine rebuilds, I discovered 1Password’s SSH Agent functionality. With some configuration tweaks, I now manage keys securely across devices and projects while adding MFA protection to every SSH operation.
- Cross Platform Encryption using AES-256 (NodeJS, PowerShell, C#)
Oct 13, 2024
-
5 min read
Cross-platform encryption is a pain - different languages, same algorithm, different implementations. Here’s working AES-256 code for C#, Node.js, and PowerShell that actually interoperates correctly, so you don’t have to debug crypto edge cases.
- Lessons from Investments Unlimited: The Importance of Automation and Transparency in Security
Nov 7, 2022
-
2 min read
Investments Unlimited hit close to home - a financial firm forced to fix their security posture discovers the same issues I face daily: outdated asset inventories, useless CABs, inconsistent pipelines. The message is clear: automate everything, don’t block velocity, and dig beneath surface assumptions.
- Book Review: Product-Led Growth and Escaping the Build Trap
Sep 15, 2022
-
2 min read
Two product management books sparked an unexpected realization about the intersection between customer behavior analytics, security telemetry, and audit logging. Sometimes the most valuable insights come from applying frameworks outside their intended domain.
- Gaining Valuable Insights at OWASP Conference 2010
Jun 19, 2010
-
1 min read
SNOWFROC 2010 was well worth it again.