seclectic
  • Claude Code marketplaces are an opportunity for security teams to be visible

    Security teams produce an enormous amount of work that engineers never see. Threat models, hardening guides, code-review checklists, runbooks, the right way to use the auth library, the wrong way to write a SQL query. Most of it lives in Confluence pages nobody opens, or Slack threads that scroll out of memory by Tuesday.

  • The security mistakes I see in every vibe-coded app

    Vibe coding works. People are shipping real apps in an afternoon with v0, Lovable, Bolt, Cursor, Claude Code, and friends. The apps look good, the auth flow works, the database is wired up, the Stripe checkout converts. Six months ago this would have taken six weeks.

  • Security people are honest. The business is not.

    A thing I keep noticing about security professionals, after a few years in the field: we tend to be unusually candid. Genuinely passionate. Mission-driven in a way that’s almost a tell. When a security person describes their work, you hear actual conviction. When the same person describes a meeting they sat in earlier that day, you often hear bewilderment.

  • What ten years building houses taught me about security architecture

    I ran interior design and remodeling companies for about a decade before I switched into security. I thought I was leaving one career behind for another, completely separate one. I was wrong. Almost everything I now do in security architecture, I first did with drywall and permits.

  • How I passed OSCP on my third attempt, without 100 points

    I forfeited my first OSCP attempt. I had the 70 points I needed to pass, but I wanted 100, and I’d enjoyed the exam so much that re-spending $249 felt fine. I’d be back in a month with the perfect score.

  • Black Hat MEA 2024: notes from my first big conference

    I just got back from Saudi Arabia after my first-ever security conference: Black Hat Middle East & Africa, November 24-26 in Malham, north of Riyadh. North African roots and global security peers in one room, 2 birds 1 rock (yes, I know).

  • far2ed
  • farid-driouch