Practical guides for modern security
Honest writing on SOC 2 readiness, continuous compliance, vulnerability management, incident response, and the messy realities of keeping a regulated business secure.
Cyber Threat Intelligence Without a Team: Making Threat Data Actually Change What You Do
Threat intelligence has a reputation as an enterprise luxury — expensive feeds, a dedicated analyst, a wall of dashboards nobody reads. The useful version is almost the opposite: a small, deliberate habit of letting real knowledge about who is attacking businesses like yours change a handful of concrete decisions. A practical guide to the three altitudes of threat intel, the free sources a lean team can actually use, and the one discipline that separates intelligence that sharpens your defenses from a feed that just adds noise.
Buy the Watch, Not the Building: When a Lean Team Should Outsource Detection
Detection is the security function that never sleeps and never scales gracefully on a small team — you cannot staff a 24/7 watch with three people who also ship the product. Managed Detection and Response exists to rent exactly that capability. When outsourcing the watch is the right call, what MDR actually does versus what it doesn't, and how to keep an outsourced service from becoming a black box you can't see into.
Secrets in Git History: The Key You Deleted Is Still in the Repo
You committed an API key, noticed, and deleted it in the next commit — but git never forgets, and the key is still sitting in the history for anyone who clones the repo. How a lean team watches its own and its public repositories for leaked credentials, treats each hit as a finding, and proves the exposure is closed by rotating the secret rather than just deleting the line.
Canary Tokens: The Tripwire That Tells You Someone Is Already Inside
Most detection tries to spot an attacker by their behaviour, which is noisy and hard. A honeytoken flips it around: plant a fake credential, file, or link that no legitimate person should ever touch, and the moment it is used you have a near-zero-false-positive alert that someone is where they should not be. How a lean team seeds tripwires across its environment and routes a trip straight into the findings queue.
The Login They Never Had To Do: Session Hijacking and Stolen Tokens
Strong passwords and MFA guard the front door — but once a user is logged in, their session token is a bearer key that asks no more questions. Steal it and you are inside, no password and no second factor required. How a lean team shortens the window, watches for the tell-tale signs of a hijacked session, and proves the door closes when someone leaves.
OAuth Consent Phishing: The Malicious App That Never Needs Your Password
The newest account takeover skips the password entirely. A user clicks "Allow" on a slick consent screen, and a third-party app walks away with a token that reads their mail and files — no credential stolen, no MFA prompt, nothing for your login alarms to catch. How to inventory the apps connected to your accounts, watch for the malicious ones, and prove you keep that surface under control.