Security
Identity, endpoint, and operational security writing.
Practical security writing for small and mid-sized businesses — passkeys, MFA, endpoint hygiene, and the controls that matter when you can't afford a CISO.
The strongest password policy is the one that lets you stop typing passwords
Thirty years of "longer, more complex, rotated more often" produced sticky notes and password reuse. The actual move in 2026 is to stop typing passwords altogether.
April 26, 2026 · 3 min read
Incident response when you don't have an IR team
Most small businesses won't have a dedicated incident response team. The playbook still works — it's just shorter.
December 12, 2025 · 3 min read
Why password rotation is a security anti-pattern
Forcing people to change their password every 90 days makes them write it down. NIST quietly dropped the recommendation eight years ago.
July 30, 2025 · 3 min read
The 7-control security baseline for a 50-person team
Security at a 50-person company doesn't need to be exotic. It needs to be present. Here's the short list, in order of leverage.
March 17, 2025 · 3 min read