What a penetration test should actually deliver
Too many reports are scan output in a fresh template. Here is what real value looks like, and the questions to ask before you commission one.
Practical writing on building and securing technology, from the engineers and security professionals doing the work.
Certification feels daunting because it is treated as an event. Reframe it as a program and the path becomes clear. Here is how we approach it.
Concrete patterns we use to bake security into Laravel applications from the first commit: validation, authorization, secrets, and more.
Across dozens of cloud assessments, the same handful of mistakes keep appearing. Here they are, and how to close each one for good.
Replatforming is risky when it is all-or-nothing. A strangler-pattern approach lets you modernize incrementally while keeping the lights on.
A SIEM that cries wolf is worse than none. How we tune detection so analysts respond to signal, not noise.
Most risk registers die in a spreadsheet. Here is how to build one that drives real decisions and survives past the audit.
Good API design and good API security are not in tension. The principles we follow to deliver both at once.
Running sensitive workloads in the cloud is entirely possible, with the right boundaries, controls, and evidence. A practical guide.