Vendor breaches don’t get CVEs. But when events like Salesloft happen, you care about whether your data was exposed as a result of the breach.

Security vendors are building official MCP servers because they see the value of making information and actions available to less technical users.

FedRAMP authorizations seem to have recently increased. Which providers benefit the most from FedRAMP, and who’s buying? Let’s look at the data.

How should we authorize AI agents? We don’t need to reinvent the wheel — OAuth gives us most of what we need for controlled access delegation.

CISOs want tools that solve problems rather than find them, use modern tooling, consolidate functionality, cover complex environments, and help teams scale.

Where are you really in your zero trust journey, and how much further do you have to go? True zero trust is more aspirational than achievable.

I interviewed 57 security leaders about what sucks in security. Top pain points: inconsistent access management, vulnerability remediation, and SaaS logs.

Rather than a security tool alerting the security team in Slack, who then finds the right person to ping — what if the tool just went right to the source?

No organization has fully implemented zero trust architecture. Many advocates, including the US government, overlook devices as a key BeyondCorp component.

I’m burnt out. If you’re reading this, there’s a strong chance you’re burnt out too. We’re about to have, uh, a moment, so brace yourself.