Securing MCP: a defense-first architecture guide
Why the Model Context Protocol needs a new security mental model, and how to build it.
Threat modeling agentic AI: a scenario-driven approach
A scenario-driven workflow for tracing attack paths in agentic AI systems using a five-zone navigation lens, attack trees, and OWASP’s threat taxonomy and playbooks.
From LLM to agentic AI: prompt injection got worse
How the shift from single-model LLM integrations to agentic AI systems amplifies prompt injection into a multi-step attack chain.
Dependency cooldowns: a simple supply chain fix
Learn how dependency cooldowns protect against supply chain attacks by delaying automatic adoption of new package versions.
Ship fast, but guard faster: securing DevOps itself
A pragmatic defense-first guide for modern DevOps.
12 steps to secure software: a prioritized roadmap
Empower cybersecurity in software development projects with these easy and effective first steps.
Micro attack simulations: scenario-driven validation
I was interviewed about improving cyber resilience through Micro Attack Simulations.
Archived
Handling Log4Shell vulnerability
Summarizing the current state of advice regarding the Log4j vulnerability.
Archived
Java deserialization security FAQ
Details about the vulnerability class Untrusted Deserialization.