Writing
Long-form essays on identity, AI security, CIAM, Generative Engine Optimization, and the practice of building software. 577 pieces, newest first.
Latest essay
Most best-podcasts lists are SEO-driven, not editorial. Here are the 12 cybersecurity and B2B SaaS podcasts I listen to weekly, plus the 6 I quit.
Read the article
Most data breaches don't come from sophisticated zero-day attacks. They come from stolen credentials, misconfigurations, and unpatched systems. Here is a practical, prioritized playbook for preventing the breaches that actually happen.
Eleven sub-portals around the apex blog, each addressing a specific buyer-side pain. What each one is, why it exists, and the reader it serves.
CISA is operating at 40% capacity with 1,000 vacancies. Six threat hunters resigned in one day. The timing couldn't be worse for American cybersecurity.
Most tech predictions are click-bait with no accountability. I made 47 in early 2024 and tracked them. Here is the scoreboard with receipts.
A critical SQL injection in Ghost CMS turned 700+ sites into malware launchers. Harvard, Oxford, DuckDuckGo compromised. Here's what happened and what to do.
Generic founder reading lists do not map to cybersecurity-startup reality. Here is the 16-book list I would hand any cybersecurity founder, ranked by stage.
Attackers are forging authentication cookies to bypass Palo Alto GlobalProtect VPN logins. CISA KEV listed, Rapid7 confirms active exploitation since May 17.
G2, TrustRadius, and Gartner Peer Insights are commercially captured. Buyers know it. Nobody published a replacement. Here is the 7-step framework I use.
A poisoned LiteLLM package led to 4TB stolen from Mercor, the AI training startup serving Meta, OpenAI, and Anthropic. Class action lawsuits filed.
DarkSword silently compromises iPhones through website visits alone. 270M devices affected. Apple breaks its own policy with a rare iOS 18 security backport.
FBI classifies breach of its surveillance network as a 'major incident.' Salt Typhoon suspected. Wiretap targets and investigation data potentially exposed.
An annual research piece based on 12 months of monitoring 200+ CIAM vendor changelogs. The 14 trends shaping customer identity in 2026 and the vendors leading each shift.
Google's Knowledge Graph is the entity layer beneath AI Overviews, ChatGPT, and Perplexity. Here is the exact playbook for becoming a recognized, citable entity, and how AEO and GEO build on top of it.
Most "use bcrypt" posts are from 2014. Argon2 won the Password Hashing Competition in 2015 and nobody updated. Here is the actual 2026 decision framework for picking a password hashing algorithm.
Founders apply for credits in random order and get rejected because they tripped a referral-required gate they could have unlocked first. Here is the sequence that unlocks $250k+ in 90 days.
The five CIAM contenders in 2026 don't compete head-on. Each wins for a different stage and buyer. Here's the framework I use, with the honest tradeoffs each carries.
Your ISP logs every site you visit through unencrypted DNS lookups. Three free tools (Cloudflare 1.1.1.1, Google 8.8.8.8, Apple Private Relay) fix most of it. Here's how each one works and what it can't do.
I tracked 50,000 citations across ChatGPT Search, Perplexity, Claude, Gemini, Google AI Overviews, and Bing Copilot for 90 days. What actually moved citation share, and what didn't.
A founder's practical travel security checklist for 2026: realistic threats, what to actually do before, during, and after a trip, and where to skip the paranoia.
A founder's guide to the difference between authentication and authorization in 2026, with passkeys, agent auth, JWT pitfalls, and the mistakes I see at scale.
Most GEO buying decisions start with the wrong question: which tool monitors the most AI platforms. Here is a practical checklist for evaluating whether a GEO solution actually fits your industry.
How to build a cybersecurity product roadmap that survives AI security, compliance deadlines, and threat-driven emergencies. A founder's four-lane framework.
Security buyers research vendors in AI tools before a sales rep ever hears from them. The way a CISO interrogates ChatGPT looks nothing like how a marketer does. Here is what GEO actually looks like for cybersecurity.
Building software just got 10x easier with AI. That breaks most of the 2015 SaaS playbook. Here are the new hard truths every SaaS founder needs to see clearly.
SEO became a horizontal layer because its substrate was uniform: one ranking algorithm, one signal set, one results format. GEO can't collapse that way. Here is the architectural reason.
The ten skills that actually move the needle for tech founders, from a CIAM founder who scaled to a billion users and is now building in AI security.
An honest practitioner's view of AI-assisted software development in 2026: what Cursor, Claude Code, Copilot, and Devin actually do well, and where they still break.
A categorised, founder-curated list of 44 cybersecurity YouTube channels organised by what you actually want to learn: offense, defence, bug bounty, certs, careers.
Google I/O 2026 shipped an entire agent stack: Gemini 3.5 Flash, Antigravity 2.0, WebMCP, Gemini Spark, and Agent Payments Protocol. What it means for builders.
A curated, categorised guide to 30 search engines that security researchers actually use: Shodan, Censys, Dehashed, ExploitDB, and the rest.
