Articles

Practical guides for modern security

Honest writing on SOC 2 readiness, continuous compliance, vulnerability management, incident response, and the messy realities of keeping a regulated business secure.

19 articles
Threat Detection10 min read

Cyber Threat Intelligence Without a Team: Making Threat Data Actually Change What You Do

Threat intelligence has a reputation as an enterprise luxury — expensive feeds, a dedicated analyst, a wall of dashboards nobody reads. The useful version is almost the opposite: a small, deliberate habit of letting real knowledge about who is attacking businesses like yours change a handful of concrete decisions. A practical guide to the three altitudes of threat intel, the free sources a lean team can actually use, and the one discipline that separates intelligence that sharpens your defenses from a feed that just adds noise.

Paul HittJul 12, 2026
Threat Detection8 min read

Buy the Watch, Not the Building: When a Lean Team Should Outsource Detection

Detection is the security function that never sleeps and never scales gracefully on a small team — you cannot staff a 24/7 watch with three people who also ship the product. Managed Detection and Response exists to rent exactly that capability. When outsourcing the watch is the right call, what MDR actually does versus what it doesn't, and how to keep an outsourced service from becoming a black box you can't see into.

Paul HittJul 3, 2026
Threat Detection8 min read

Secrets in Git History: The Key You Deleted Is Still in the Repo

You committed an API key, noticed, and deleted it in the next commit — but git never forgets, and the key is still sitting in the history for anyone who clones the repo. How a lean team watches its own and its public repositories for leaked credentials, treats each hit as a finding, and proves the exposure is closed by rotating the secret rather than just deleting the line.

Paul HittJul 2, 2026
Threat Detection7 min read

Canary Tokens: The Tripwire That Tells You Someone Is Already Inside

Most detection tries to spot an attacker by their behaviour, which is noisy and hard. A honeytoken flips it around: plant a fake credential, file, or link that no legitimate person should ever touch, and the moment it is used you have a near-zero-false-positive alert that someone is where they should not be. How a lean team seeds tripwires across its environment and routes a trip straight into the findings queue.

Paul HittJul 2, 2026
Threat Detection8 min read

The Login They Never Had To Do: Session Hijacking and Stolen Tokens

Strong passwords and MFA guard the front door — but once a user is logged in, their session token is a bearer key that asks no more questions. Steal it and you are inside, no password and no second factor required. How a lean team shortens the window, watches for the tell-tale signs of a hijacked session, and proves the door closes when someone leaves.

Paul HittJul 1, 2026
Threat Detection8 min read

OAuth Consent Phishing: The Malicious App That Never Needs Your Password

The newest account takeover skips the password entirely. A user clicks "Allow" on a slick consent screen, and a third-party app walks away with a token that reads their mail and files — no credential stolen, no MFA prompt, nothing for your login alarms to catch. How to inventory the apps connected to your accounts, watch for the malicious ones, and prove you keep that surface under control.

Paul HittJun 30, 2026
Articles — Hosting Security