// practitioner intelligence for security operators
CVE research, red team methodology, healthcare security, and the practitioner's path to the CISO seat — written by someone doing the work.
Mass credential exfiltration from internet-exposed FortiGate management interfaces. IOC analysis and a validated patch-check methodology.
How a block-everything security posture breaks down when the business demands GenAI — and a framework for enabling it without putting PHI at risk.
Moving from individual contributor to security director in a fraction of the expected timeline. The struggles, the identity shift, and what I'd tell myself at the start.
How CVE-2019-10768 prototype pollution enables authorization bypass in AngularJS 1.x — and a safe demonstration methodology for developer briefings.
Risk-scored phish-resistant identity verification with Temporary Access Passes, Teams live agent escalation, and a full RBAC admin panel.
The gap between a DLP policy document and a DLP policy that actually works in a clinical environment.