Field notes from the security trenches.
Practitioner write-ups from our offensive, defensive, cloud and GRC teams. Subscribe for monthly deep-dives — no sales pitches.
Why your SIEM is drowning you in alerts (and what to do about it)
Most SIEM deployments fail not because the technology is bad — but because nobody invests in the boring, unsexy work of detection engineering.
BloodHound is table stakes — what comes after
BloodHound is great for the first pass. Here is what we do next in real engagements when the obvious paths are already blocked.
The case for manual code review in the age of SAST
SAST catches the known patterns: the tainted input reaching a dangerous sink, the hard-coded secret. It cannot catch the business-logic flaw that costs you a million dollars.
PCI DSS v4.0 — what actually changed and what to do about it
The high-level marketing of v4.0 is misleading. Here is what your QSA will actually look for next year.
Cyber risk reporting to the board — a template that works
Most board-level cyber reports are noise. Here is the one-page format we use across 40+ client engagements.
AWS IAM attack paths — five real-world chains we see weekly
IAM is hard, but that is no excuse. Five attack chains that show up in nearly every cloud pen-test we run.