We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect
Writing · Tag
7 posts on security. Or browse the full writing index →
Every AI founder pre-Series A scopes their SOC 2 audit like a security project. Six months later they've burned their best engineer and lost the enterprise deal. Here's how to run it as a 90-day sales project — and unlock the pipeline you're already leaving on the table.
AI-native companies need a security model that classic appsec doesn't cover. Agents have credentials. Prompts are an attack surface. Training data leaks. The four-layer security stack I'd build, the controls I'd ship in the first 90 days, and the ones I'd defer.
A full-time CISO costs $200–400K plus equity. A vCISO costs $2–4K a month and gives you 80% of the value at 5% of the burn — until you outgrow them. The math, the deliverables to expect, and the red flags that mean you've hired the wrong one.
How we moved 225K+ users with $400M+ in fintech assets from AWS Cognito to Auth0 without forcing a password reset, breaking MFA, or interrupting active sessions. The lazy-migration pattern, the gotchas, and what I'd do differently.
Protecting your data starts with five habits — strong passwords, MFA, phishing awareness, staying patched, and backing up. A practical guide.
Reflections from the 2014 Adobe ColdFusion Summit — the sessions worth attending, the conversations that stuck, and the state of the ecosystem.
The Shellshock bug (CVE-2014-6271) hit bash-based systems hard. How to detect whether you are vulnerable and the patch steps to close it.