Most security advice looks good on paper. It just doesn’t hold up in real environments.
I’ve been doing this for 30+ years…across startups and high-growth environments where speed matters and resources aren’t unlimited. Over time, I’ve learned that security isn’t that complicated. We just make it that way. A lot of what the industry treats as standard ends up being noise…things that check boxes but don’t meaningfully reduce risk.
My focus is simple: build high-performing security programs that help the business move faster… not slower.
That means:
Prioritizing what actually matters instead of trying to do everything
Using guardrails, not gates
Making decisions based on context, not rigid frameworks
I don’t think anything in security is binary. There’s no single “right way” to do things. What works for one company can completely fail in another. Most of the job is understanding the business…how it operates, how it makes money, and where risk actually shows up.
I also don’t sit on the sidelines.
I still build things. I experiment. I break things…a lot. I spend time understanding how systems actually work…because that’s where real security comes from. If you’re not close to the technology, you’re guessing.
That’s where the “tinkering” comes in.
I use AI to automate workflows and reduce operational overhead. I build internal tools when existing ones don’t fit. I spend time on infrastructure, self-hosting, and the occasional hardware project… not because it’s required, but because it keeps me grounded in how things actually function, and also because I’m a nerd and love technology.
What you’ll find here:
What’s worked for me with building and running security programs that scale
Practical uses of AI in security…beyond demos and slideware
Experiments, build logs, and things I’m trying
Opinions on what works, what doesn’t, and why
Interesting tools, techniques, and content I find along the way
Some of it will work. Some of it won’t. I’ll share both.
If you’re looking for theory or vendor-driven content, this isn’t that.
If you want to understand how to make security effective in real environments…and maybe pick up a few ideas along the way, then you’ve come to the right place.

