Practical guides for modern security
Honest writing on SOC 2 readiness, continuous compliance, vulnerability management, incident response, and the messy realities of keeping a regulated business secure.
Passkeys and Passwordless Authentication: Killing the Password Without Betting the Company on One
Passwords are the root cause behind most breaches a small business will ever suffer, and passkeys are the first replacement that is both more secure and easier to use. But swapping the front door of every account is the kind of change that either quietly hardens your whole company or locks half of it out on a Monday morning. A plain-language walk through what a passkey actually is, why it cannot be phished, the synced-versus-hardware choice that shapes your rollout, the recovery problem that is harder than the login problem, and how to move a lean team off passwords without stranding anyone.
Quantum-Safe Cryptography: Why a Lean Team Should Start Planning the Migration Now, Not Later
A cryptographically relevant quantum computer does not exist yet — but "harvest now, decrypt later" means the clock on your long-lived secrets is already running, and the standards to fix it landed in 2024. This is a plain-English planning guide to the post-quantum transition: what actually breaks, what NIST finalized, why crypto-agility matters more than any single algorithm, and how a small team turns a decade-long migration into tracked work it can start this quarter.
The Access Point in the Ceiling: Securing the Office Wi-Fi You Actually Own
Most advice about Wi-Fi assumes you are the guest on someone else's hostile network. But a lean team usually owns at least one network — the office access point in the ceiling, the router in the closet — and that one you can actually harden. A practical baseline for the wireless you administer: one password nobody should know, a guest network that reaches nothing, and the smart TV that should never share a segment with payroll.
MTA-STS and TLS Reporting: Making Sure Mail to You Arrives Encrypted
SPF, DKIM, and DMARC prove who sent a message — but none of them guarantee the message travelled encrypted. Mail servers fall back to plaintext silently, and a network attacker can strip the encryption without anyone noticing. How a lean team publishes MTA-STS to require TLS on inbound mail, turns on TLS-RPT to watch for failures, and treats a downgrade report as a finding.
Securing the Networks You Do Not Own: Remote Work, Home Wi-Fi, and the Coffee-Shop Problem
Your team works on networks you will never administer — home routers, hotel Wi-Fi, the cafe down the street. You cannot harden those networks, so the strategy shifts: make the device safe to use on a hostile network, and prove every machine meets that bar. A practical baseline for a distributed lean team, and how to keep it honest.
The Certificate That Expires on a Saturday: Watching TLS Before It Watches You
An expired TLS certificate is a self-inflicted outage that scares away every visitor with a full-page browser warning — and it almost always lands at the worst possible time. As certificate lifetimes shrink toward weeks, manual renewal stops scaling. How a lean team inventories every certificate, watches expiry as a tracked risk, and proves the whole estate is healthy.