This is a multi-part series on building secure products, geared for B2B SaaS companies who want to sell to the enterprise.
Small mistakes in an incident can have a big downstream impact. Here are some mistakes to avoid.

January 2023

I was asked the other day: “How do we build security culture?” Here is my playbook.
Rotate your secrets in CircleCI NOW. Also a universal takeaway for future SaaS breaches.
It's been two years since I started this... so let's look back at some highlights!

December 2022

When working with execs and non-security folks, we often need to illustrate (and sometimes demonstrate) the risk of doing, or not doing, something. But…
I went through all the re:Invent announcements and put together a list of the Top 10 relevant items for security-minded teams.
Would you give your teenage kid with a newly minted driver's license your old Honda to drive or your 2-door coupe that you ride on the weekends?

November 2022

If you're sick, you can choose to treat the disease... or do nothing. But what if you don’t know you’re sick?
A lot of people talk about “shifting left” their application security, but what does that really mean? I’ll break it down for you a little and provide…

October 2022

A risk register is just a fancy cybersecurity term for “a list of things that introduce risk to the company”. In the post, I will walk you through why…
🔥Hot take... there is no cybersecurity talent shortage.