Research
Notes from the field
Writing on offensive tradecraft, cloud security, threat intelligence, and what it actually takes to run a security program that survives contact with real attackers.
AWS Billing Console Glitch Triggers Inaccurate Cost Estimates
Learn what caused the AWS Billing Console glitch on July 16-17, 2026, why your cost estimates are inaccurate, and why you don't need to panic.
The IAM Blind Spots That Keep Showing Up in Cloud Assessments
Over-permissioned roles and implicit trust chains are the single most common finding across cloud security assessments. Here's why they keep happening.
Compliant Doesn't Mean Secure — And Your Board Should Know the Difference
SOC 2 and ISO 27001 prove you have a process. They don't prove an attacker can't get in. Here's how to talk about the gap with leadership.
Anatomy of a Modern Supply Chain Attack — And Where Defenses Actually Break
A walkthrough of how a single compromised dependency turns into full CI/CD compromise, and the specific control points that stop it in practice.
What Changed in Ransomware Tradecraft This Year
Ransomware operators have shifted from smash-and-encrypt to slow, quiet data theft. Here's what that means for detection and response strategy.