Thoughts on the Cylance and Arctic Wolf Acquisition

December 19, 2024

How AI security companies fail

December 10, 2024

Security for AI: A lot is unknown

November 26, 2024

How to use AI in security

November 20, 2024

Security by design is hard

November 10, 2024

Breach simulation is a complicated market

November 01, 2024

What makes a security product "good"?

October 23, 2024

What happens to password managers?

October 10, 2024

Most security tools are too theoretical

October 04, 2024

Security risk is hard

September 24, 2024

Security needs to shift away from risk and focus on trust

September 18, 2024

Security has too many tools

September 10, 2024

AI is creating the next-gen of appsec companies

August 28, 2024

Five thoughts from DefCon

August 20, 2024

Compliance (GRC) engineering is promising

August 06, 2024

CISOs and security leaders shouldn't invest in startups

August 03, 2024

What the Crowdstrike outage means for the security industry?

July 24, 2024

Assessing the Wiz-Google deal

July 15, 2024

Why change is hard in security?

July 09, 2024

Security for Developers: Vulnerability Management

June 26, 2024

June sale!

June 25, 2024

What cybersecurity companies will succeed?

June 18, 2024

Who's responsible in the Snowflake breaches?

June 11, 2024

Security engineering is more efficient

June 05, 2024

Is this the end of SIEM?

May 28, 2024

Security for Developers: Access Control

May 23, 2024

How SaaS security posture management companies (SSPM) fail

May 14, 2024

Security for developers: Basic web security

May 10, 2024

How to be a security person that engineers don't hate

May 04, 2024

The Wiz acquisition of Lacework makes sense

April 26, 2024

How Rubrik fails

April 16, 2024

Security for developers: Hashing and Encryption

April 10, 2024

Is it managed detection and response (MDR)'s time to shine?

April 02, 2024

Security for developers: Threat Modeling

March 26, 2024

A path forward for appsec (with the help of AI)

March 19, 2024

Security needs to be build again

March 13, 2024

The changing reality of appsec

March 06, 2024

5 Cybersecurity Predictions for 2024

February 29, 2024

Security is finally embracing data

February 21, 2024

How Crowdstrike fails

February 15, 2024

Cisco's security strategy is confusing

February 01, 2024

Developers don't care about security

January 25, 2024

Most security products are too automated

January 17, 2024

How Microsoft security succeeds

January 09, 2024

Microsoft will struggle with security

January 03, 2024

5 Cybersecurity Predictions for 2023

December 27, 2023

Xmas sale!

December 22, 2023

Developer security education products are pointless

December 19, 2023

Security leaders should aspire to have smaller orgs

December 12, 2023

Why security is a bad business

December 07, 2023

Security is not everyone's responsibility! (repost)

November 28, 2023

How all data security companies fail

November 21, 2023

Let's get rid of security reviews

November 16, 2023

How Vanta fails

November 08, 2023

The difficulty with email security products

October 24, 2023

Cloud Security from First Principles (repost)

October 17, 2023

What is Palo Alto Networks doing?

October 10, 2023

Thoughts on the Las Vegas hack

October 03, 2023

Splunk makes Cisco a cloud security player

September 26, 2023

Why a Wiz-SentinelOne acquisition could have made sense

September 20, 2023

How to become a better security engineer

September 12, 2023

Only engineers can secure the cloud

September 06, 2023

Free Article and requests for future articles

August 30, 2023

How Wiz fails

August 29, 2023

Efficiency/Effectiveness tradeoffs for a security program

August 22, 2023

How Snyk fails

August 16, 2023

The new SEC cybersecurity rules shouldn't change anything

August 07, 2023

How to be an engineer that security people don't hate

August 01, 2023

How Palo Alto Networks wins

July 25, 2023

People are confused about cybersecurity

July 05, 2023

Having only security operations is ok

June 27, 2023

Thoughts on the MOVEit hack

June 20, 2023

How Cloudflare fails

June 13, 2023

Why CISO turnover is good

June 07, 2023

Frankly Speaking - Building products for security engineering

May 31, 2023

Frankly Speaking - How private equity foreshadows cybersecurity market consolidation

May 16, 2023

Frankly Speaking - Cybersecurity maturity: 3 types of companies and what this means for the industry

May 05, 2023

Frankly Speaking - AI is a blessing to security

April 26, 2023

Frankly Speaking - Cloudflare is the most underrated security company

April 18, 2023

Frankly Speaking - Wars will become more digital

April 11, 2023

Unpaywalled: The next 10B+ security companies

April 06, 2023

Frankly Speaking - Don't worry about AI

April 04, 2023

Frankly Speaking - Congress is confused about security

March 28, 2023

Frankly Speaking - The rise of the technical security leader

March 22, 2023

Frankly Speaking - Why security is broken

March 15, 2023

Frankly Speaking - Container Security Risks

March 08, 2023

Frankly Speaking - Security is not everyone's responsibility!

February 28, 2023

Frankly Speaking - Breaches are inevitable

February 21, 2023

Frankly Speaking - Analyzing the Reddit Hack

February 14, 2023

Frankly Speaking - Why Rapid7 should be bought

February 06, 2023

Frankly Speaking - How Palo Alto Networks fails

January 31, 2023

Frankly Speaking - The end of the security specialist

January 25, 2023

Frankly Speaking - Analyzing the CircleCI hack

January 10, 2023

Frankly Speaking - 5 Cybersecurity Predictions for 2023

January 05, 2023

Frankly Speaking - Analyzing the LastPass hack pt. 2

December 28, 2022

Frankly Speaking - Analyzing the LastPass hack

December 26, 2022

Frankly Speaking - Why security is hard

December 15, 2022

Frankly Speaking - Why security is easy

December 05, 2022

Frankly Speaking - We need to fix bug bounty

November 25, 2022

Frankly Speaking - How Okta fails

November 15, 2022

Frankly Speaking - Almost all cybersecurity VCs are confused.

November 09, 2022

Frankly Speaking - How Zscaler fails

November 01, 2022

Frankly Speaking - The next 10B+ security companies

October 25, 2022

Frankly Speaking - How Crowdstrike fails

October 18, 2022

Frankly Speaking 10/5/21 - The rise of security engineering

October 05, 2022

Frankly Speaking 9/27/22 - Data is changing security!

September 27, 2022

Frankly speaking 9/20/22 - External red teams suck!

September 20, 2022

Frankly Speaking 9/13/22 - Most security reports suck... and how security can deliver value.

September 13, 2022

Frankly Speaking 9/6/22 - Stop thinking about "build vs. buy"!

September 06, 2022

Frankly Speaking 8/30 - Security is easier with engineers

August 30, 2022

Frankly Speaking 8/23/22 - Security needs more second-order thinking

August 23, 2022

Frankly Speaking 8/16/22 -- Access is the biggest threat

August 16, 2022

Frankly Speaking 8/9/22 - Security needs more engineers

August 09, 2022

Frankly Speaking 8/2/22 - Why I buy tools but don't (usually) plan to keep them

August 02, 2022

Frankly Speaking 7/26/22 - Let's get rid of security operation centers (SOCs)!

July 26, 2022

Frankly Speaking 7/19/22 - Companies should stop using VPNs!

July 19, 2022

Frankly Speaking 7/12/22 - You don't have mail! Email security is changing

July 12, 2022

Frankly Speaking 7/5/21 - Managing network security in a cloud world

July 05, 2022

Frankly Speaking 6/28/22 - Don't confuse compliance with security

June 28, 2022

Frankly Speaking 6/22/22 - AppSec is dead!

June 21, 2022

Frankly Speaking 6/14/22 - I'm back! What is a security engineer? (and some changes)

June 14, 2022

Frankly Speaking 9/7/21 - The Hype Rorschach Test

September 07, 2021

Frankly Speaking 7/20/21 - No one can solve ransomware!

July 20, 2021

Frankly Speaking 6/22/21 - All security products suck!

June 22, 2021

Frankly Speaking 6/8/21 - Stop talking about zero-trust!

June 08, 2021

Frankly Speaking 5/18/21 - Cloud Security from First Principles (revisited)

May 18, 2021

Frankly Speaking 4/27/21 - Data security might have new life!

April 27, 2021

Frankly Speaking 3/30/21 - Why are there so many security vendors!

March 30, 2021

Frankly Speaking 3/16/21 - Why cloud security is hard

March 16, 2021

Frankly Speaking 3/2/21 - Stop forcing security and engineering to collaborate!

March 02, 2021

Frankly Speaking 2/16/21 - Most security products are useless!

February 16, 2021

Frankly Speaking 1/26/21 - The challenge with open-source and security

January 26, 2021

Frankly Speaking 1/12/21 - Convincing Developers to do Security

January 12, 2021

Frankly Speaking 12/15/20 - Startups should say what they mean!

December 15, 2020

Frankly Speaking 12/1/20 - Smart VCs shouldn't invest in network security

December 01, 2020

Frankly Speaking 10/20/20 - Datacenter security is dead!

October 20, 2020

Frankly Speaking 10/6/20 - Differentiating in a crowded security market

October 06, 2020

Frankly Speaking 9/22/20 - Compliance generates security value

September 22, 2020

Frankly Speaking 9/8/20 - Developers don't care about security

September 08, 2020

Frankly Speaking 8/18/20 - Cloud providers don't care about security

August 18, 2020

Frankly Speaking 8/4/20 - Why data security is hard and what it means for the cloud

August 04, 2020

Frankly Speaking 7/21/20 - Current and Future Trends in Cybersecurity

July 21, 2020

Industry Roundtable for the changing landscape of cybersecurity

July 20, 2020

Frankly Speaking, 7/7/20 - Why AI/ML fails

July 07, 2020

Frankly Speaking 6/23/20 - Handling security incidents in cloud environments

June 23, 2020

Frankly Speaking 5/26/20 - Cloud Security from First Principles

May 26, 2020

Frankly Speaking, 5/12/20 - SecOps and TechOps in a Cloud-Native World

May 12, 2020

Frankly Speaking

May 05, 2020

Frankly Speaking, 5/5/20 - Why Cloud != Cloud-Native

May 05, 2020

Frankly Speaking, 4/22/20 - How cloud sessions complicate security

April 22, 2020

Frankly Speaking, 4/7/20 -- Public cloud is changing IT and security!

April 07, 2020

Frankly Speaking, 3/24/20 -- Recession-resistant Cybersecurity Companies

March 24, 2020