Blog
Lessons from building secure systems, running compliance programs, and breaking things on purpose.
-
Mar 20, 2026
What SOC 2 Actually Means for Startups
The gap between checking boxes and building trust with enterprise customers is wider than most founders think.
-
Mar 15, 2026
I Found a Kill Switch in the Mirai Botnet
How a single unauthenticated vulnerability in Mirai's C&C server let anyone shut it down remotely.
-
Mar 10, 2026
Your Startup Doesn't Need a CISO Yet
What you actually need is someone who can own security without turning it into a bureaucracy.
-
Mar 5, 2026
The Operational Side of Cybersecurity Nobody Talks About
Security is more than pentesting and red teams. Someone has to keep the lights on while hardening everything.
-
Feb 28, 2026
DDoS Mitigation Lessons from Building AttackEngine
Building a stress-testing platform taught me more about DDoS defense than any textbook could.
-
Feb 20, 2026
Pentest Your Own Product Before Someone Else Does
If you are not attacking your own systems, you are leaving that job to someone with worse intentions.
-
Feb 12, 2026
Compliance is a Product Feature, Not a Checkbox
Startups that treat compliance as overhead lose deals. The ones that build it into the product win them.
-
Jan 30, 2026
Running a Security Audit Across 60+ Assets
Domains, servers, API keys, third-party integrations. How I cataloged and secured everything at once.