Every SaaS company selling to enterprise hits the security questionnaire wall, again and again. A practitioner take on why the questions keep coming and how to stop answering each one from scratch.
AI isn't a new category of risk. It's a new vector for existing ones. How to govern AI tools by extending the security program you already have, before the customer questionnaire arrives.
Twelve months of preparation, a four-terabyte database, and a single maintenance window. The decisions that made an Azure migration uneventful, and the ones I'd revisit today.
Most companies reach for a CTO when something breaks, but the role is a bundle of jobs that can be filled by a combination of people. A founder's guide to asking a better question.
A practitioner's account of building a SOC 2-ready information security program from nothing, and sustaining four consecutive SOC 2 Type 2 audits with zero findings.
A guide for business leaders who need senior technology leadership without a full-time executive hire. What the role really involves, and what it doesn't.