What makes a security product "good"?
October 23, 2024
What happens to password managers?
October 10, 2024
Most security tools are too theoretical
October 04, 2024
September 24, 2024
Security needs to shift away from risk and focus on trust
September 18, 2024
September 10, 2024
AI is creating the next-gen of appsec companies
August 28, 2024
August 20, 2024
Compliance (GRC) engineering is promising
August 06, 2024
CISOs and security leaders shouldn't invest in startups
August 03, 2024
July 15, 2024
Why change is hard in security?
July 09, 2024
Security for Developers: Vulnerability Management
June 26, 2024
June 25, 2024
What cybersecurity companies will succeed?
June 18, 2024
Who's responsible in the Snowflake breaches?
June 11, 2024
Security engineering is more efficient
June 05, 2024
May 28, 2024
Security for Developers: Access Control
May 23, 2024
Security for developers: Basic web security
May 10, 2024
The Wiz acquisition of Lacework makes sense
April 26, 2024
April 16, 2024
Security for developers: Hashing and Encryption
April 10, 2024
Is it managed detection and response (MDR)'s time to shine?
April 02, 2024
Security for developers: Threat Modeling
March 26, 2024
A path forward for appsec (with the help of AI)
March 19, 2024
Security needs to be build again
March 13, 2024
The changing reality of appsec
March 06, 2024
5 Cybersecurity Predictions for 2024
February 29, 2024
Security is finally embracing data
February 21, 2024
February 15, 2024
Cisco's security strategy is confusing
February 01, 2024
Developers don't care about security
January 25, 2024
Most security products are too automated
January 17, 2024
How Microsoft security succeeds
January 09, 2024
Microsoft will struggle with security
January 03, 2024
5 Cybersecurity Predictions for 2023
December 27, 2023
December 22, 2023
Developer security education products are pointless
December 19, 2023
Security leaders should aspire to have smaller orgs
December 12, 2023
Why security is a bad business
December 07, 2023
Security is not everyone's responsibility! (repost)
November 28, 2023
How all data security companies fail
November 21, 2023
Let's get rid of security reviews
November 16, 2023
November 08, 2023
The difficulty with email security products
October 24, 2023
Cloud Security from First Principles (repost)
October 17, 2023
What is Palo Alto Networks doing?
October 10, 2023
Thoughts on the Las Vegas hack
October 03, 2023
Splunk makes Cisco a cloud security player
September 26, 2023
Why a Wiz-SentinelOne acquisition could have made sense
September 20, 2023
How to become a better security engineer
September 12, 2023
Only engineers can secure the cloud
September 06, 2023
Free Article and requests for future articles
August 30, 2023
August 29, 2023
Efficiency/Effectiveness tradeoffs for a security program
August 22, 2023
August 16, 2023
The new SEC cybersecurity rules shouldn't change anything
August 07, 2023
How to be an engineer that security people don't hate
August 01, 2023
July 25, 2023
People are confused about cybersecurity
July 05, 2023
Having only security operations is ok
June 27, 2023
June 20, 2023
June 13, 2023
June 07, 2023
Frankly Speaking - AI is a blessing to security
April 26, 2023
Frankly Speaking - Wars will become more digital
April 11, 2023
Unpaywalled: The next 10B+ security companies
April 06, 2023
Frankly Speaking - Don't worry about AI
April 04, 2023
Frankly Speaking - Congress is confused about security
March 28, 2023
Frankly Speaking - The rise of the technical security leader
March 22, 2023
Frankly Speaking - Why security is broken
March 15, 2023
Frankly Speaking - Container Security Risks
March 08, 2023
Frankly Speaking - Security is not everyone's responsibility!
February 28, 2023
Frankly Speaking - Breaches are inevitable
February 21, 2023
Frankly Speaking - Analyzing the Reddit Hack
February 14, 2023
Frankly Speaking - Why Rapid7 should be bought
February 06, 2023
Frankly Speaking - How Palo Alto Networks fails
January 31, 2023
Frankly Speaking - The end of the security specialist
January 25, 2023
Frankly Speaking - Analyzing the CircleCI hack
January 10, 2023
Frankly Speaking - 5 Cybersecurity Predictions for 2023
January 05, 2023
Frankly Speaking - Analyzing the LastPass hack pt. 2
December 28, 2022
Frankly Speaking - Analyzing the LastPass hack
December 26, 2022
Frankly Speaking - Why security is hard
December 15, 2022
Frankly Speaking - Why security is easy
December 05, 2022
Frankly Speaking - We need to fix bug bounty
November 25, 2022
Frankly Speaking - How Okta fails
November 15, 2022
Frankly Speaking - Almost all cybersecurity VCs are confused.
November 09, 2022
Frankly Speaking - How Zscaler fails
November 01, 2022
Frankly Speaking - The next 10B+ security companies
October 25, 2022
Frankly Speaking - How Crowdstrike fails
October 18, 2022
Frankly Speaking 10/5/21 - The rise of security engineering
October 05, 2022
Frankly Speaking 9/27/22 - Data is changing security!
September 27, 2022
Frankly speaking 9/20/22 - External red teams suck!
September 20, 2022
Frankly Speaking 9/6/22 - Stop thinking about "build vs. buy"!
September 06, 2022
Frankly Speaking 8/30 - Security is easier with engineers
August 30, 2022
Frankly Speaking 8/16/22 -- Access is the biggest threat
August 16, 2022
Frankly Speaking 8/9/22 - Security needs more engineers
August 09, 2022
Frankly Speaking 6/22/22 - AppSec is dead!
June 21, 2022
Frankly Speaking 9/7/21 - The Hype Rorschach Test
September 07, 2021
Frankly Speaking 7/20/21 - No one can solve ransomware!
July 20, 2021
Frankly Speaking 6/22/21 - All security products suck!
June 22, 2021
Frankly Speaking 6/8/21 - Stop talking about zero-trust!
June 08, 2021
Frankly Speaking 3/16/21 - Why cloud security is hard
March 16, 2021
Frankly Speaking 2/16/21 - Most security products are useless!
February 16, 2021
Frankly Speaking 1/12/21 - Convincing Developers to do Security
January 12, 2021
Frankly Speaking 12/15/20 - Startups should say what they mean!
December 15, 2020
Frankly Speaking 10/20/20 - Datacenter security is dead!
October 20, 2020
Frankly Speaking 9/22/20 - Compliance generates security value
September 22, 2020
Frankly Speaking 9/8/20 - Developers don't care about security
September 08, 2020
Frankly Speaking, 7/7/20 - Why AI/ML fails
July 07, 2020
May 05, 2020
Frankly Speaking, 5/5/20 - Why Cloud != Cloud-Native
May 05, 2020