AI agent identity: it’s just OAuth
- authorization
- ai
How should we authorize AI agents? We don’t need to reinvent the wheel — OAuth gives us most of what we need for controlled access delegation.
Dear Santa, all I want for Christmas is better security tools
- Market research
CISOs want tools that solve problems rather than find them, use modern tooling, consolidate functionality, cover complex environments, and help teams scale.
The road to zero trust is paved with good intentions
- BeyondCorp
- Infrastructure security
Where are you really in your zero trust journey, and how much further do you have to go? True zero trust is more aspirational than achievable.
What sucks in security? Research findings from 50+ security leaders
- Market research
I interviewed 57 security leaders about what sucks in security. Top pain points: inconsistent access management, vulnerability remediation, and SaaS logs.
Delegating security remediation to employees via Slack
- DevSecOps
Rather than a security tool alerting the security team in Slack, who then finds the right person to ping — what if the tool just went right to the source?
BeyondCorp is dead, long live BeyondCorp
- BeyondCorp
- Infrastructure security
No organization has fully implemented zero trust architecture. Many advocates, including the US government, overlook devices as a key BeyondCorp component.
Burning out and quitting
- Culture
I’m burnt out. If you’re reading this, there’s a strong chance you’re burnt out too. We’re about to have, uh, a moment, so brace yourself.