Writing

Field notes &
deep dives.

Security research, red team ops, LLM security, and lessons from the enterprise frontlines.

Cryptographic Provenance for LLM Agent Pipelines

As LLMs become first-class participants in enterprise workflows, the attack surface shifts from code to context. Here's how cryptographic provenance chains can anchor trust in agentic systems.

November 15, 20244 min read

Read article

AppSecRed TeamProgram Building

Why Your AppSec Program Needs a Red Team Mindset - Not Red Team Tools

Buying a DAST scanner and scheduling quarterly pentests is not an AppSec program. It's an audit exercise. The gap between the two is where breaches happen.

September 3, 20244 min read

Read article

AppSecEnterprise SecurityLeadership

Running AppSec Across 5 Business Units: What Actually Works

Scaling application security across multiple business units with different stacks, cultures, and risk appetites isn't a tooling problem. It's an organizational design problem.

June 18, 20244 min read

Read article

Field notes & deep dives.

Cryptographic Provenance for LLM Agent Pipelines

Why Your AppSec Program Needs a Red Team Mindset - Not Red Team Tools

Running AppSec Across 5 Business Units: What Actually Works

Field notes &
deep dives.