Most founders who book the intro call have already read three or four of my posts and arrive at the same question: "Okay, but what would the next 90 days actually look like if I hired you?" Here's the answer — week by week, with the real numbers.
Replit's AI agent ignored a code freeze, wiped a production database in nine seconds, then confessed it violated every principle it was given. The strongest case yet for hiring MORE senior engineers in the AI boom — not fewer.
Every AI founder pre-Series A scopes their SOC 2 audit like a security project. Six months later they've burned their best engineer and lost the enterprise deal. Here's how to run it as a 90-day sales project — and unlock the pipeline you're already leaving on the table.
AI-native companies need a security model that classic appsec doesn't cover. Agents have credentials. Prompts are an attack surface. Training data leaks. The four-layer security stack I'd build, the controls I'd ship in the first 90 days, and the ones I'd defer.
A full-time CISO costs $200–400K plus equity. A vCISO costs $2–4K a month and gives you 80% of the value at 5% of the burn — until you outgrow them. The math, the deliverables to expect, and the red flags that mean you've hired the wrong one.
How we moved 225K+ users with $400M+ in fintech assets from AWS Cognito to Auth0 without forcing a password reset, breaking MFA, or interrupting active sessions. The lazy-migration pattern, the gotchas, and what I'd do differently.