Mar 13, 2026

Cloud Misconfigurations: The #1 Cause of Breaches Nobody Wants to Admit

A grounded walkthrough of where real cloud environments fail, including identity assignments, storage exposure, monitoring gaps, and over-permissioning. The post focuses on fixes that materially reduce risk and ties technical issues directly to business impact.

Mar 6, 2026

Don’t Wait Until Q4 For Your Annual Pen Test

Year-end penetration tests are often driven by budgets or audits rather than risk reduction. Testing earlier in the year gives teams time to remediate findings, influence architecture decisions, and turn security testing into meaningful improvement—not just documentation.

Feb 27, 2026

My Thoughts on Claude Code Security

Michael Weimer shares his thoughts around the recent Claude Code Security hype.

Feb 24, 2026

MFA Isn’t Enough: Why Identity Is Now Your Largest Attack Surface

MFA helps, but identity sprawl and non-human accounts now create the largest and least validated attack surface.

Feb 17, 2026

“We Passed Our Last Audit.” Why That Doesn't Mean Your Environment is Secure

Passing a cybersecurity audit doesn’t mean you’re secure. Learn what audits actually measure, why security degrades afterward, and how ongoing validation closes the gaps attackers exploit.

Jan 8, 2026

Don’t Over(React): A Measured Look at the New React / Next.js Vulnerability

Every few months, a framework vulnerability detonates headlines and panic follows. React2Shell is the latest. It’s serious if you’re exposed, and irrelevant if you’re not. This post breaks down how to tell the difference, without fear, noise, or guesswork.
