Blog

Notes on security, AI, and whatever I'm currently overthinking.

When Your Management Plane Becomes the Attack Surface

How the March 2026 Stryker incident shows that identity and admin control planes, not malware, are now the primary enterprise attack surface.

2026-03-20 • 9 min read

A Practical Microsoft 365 Security Baseline for 2026

A simple baseline of Microsoft 365 security controls that reduce common breach paths like business email compromise and identity takeover.

2026-03-12 • 14 min read

What the WA Government Microsoft 365 Incident Teaches Us About Preventable Breach Paths

A look at the Western Australia Auditor General findings and what they reveal about how Microsoft 365 breaches actually happen.

2026-03-12 • 8 min read

WebAuthn Under the Hood and Where Passkeys Still Fall Short

A technical breakdown of WebAuthn registration and authentication flows, plus a practical look at where passkeys do not solve every security problem.

2026-02-20 • 12 min read

Authentication for Humans: Why Passkeys Finally Make Sense

Why passkeys are the first meaningful redesign of authentication in decades. A practical, security-first look at phishing resistance, WebAuthn, and enterprise reality.

2026-02-16 • 10 min read

Zero Trust in a SaaS and AI World Part 2 | Enforcing Security at the Browser Layer

Practical controls for enforcing Zero Trust in SaaS and AI environments including in-browser DLP, OAuth governance, and session telemetry.

2026-02-14 • 6 min read

Zero Trust in a SaaS and AI World Part 1 | The Browser Is the Enterprise Perimeter

Most modern SaaS and AI breaches begin in the browser. Token theft, OAuth abuse, and generative AI workflows have shifted the Zero Trust perimeter.

2026-02-13 • 6 min read

Secure by Design for CLI AI Coding Agents

How to securely run GitHub Copilot CLI and Claude Code on developer machines. Prevent prompt injection, repository poisoning, and over-scoped tokens using deterministic controls.

2026-02-12 • 8 min read