Security Articles

Practical security writing

Articles on application security, threat modeling, container hardening, APIs, and the habits behind stronger engineering teams.

Supply Chain Security 21 Jun 2026 12 min read

NPM Supply Chain Attacks: When Your JavaScript Dependencies Become a Security Risk

A practical introduction to how npm dependencies, transitive packages, maintainer accounts, and installation workflows can become supply chain security risks.

NPM SecuritySupply ChainJavaScript
AI Security 13 Jun 2026 6 min read

Securing the AI-Powered Workplace: Understanding the New Attack Surface

A practical look at the security risks introduced by AI assistants, copilots, agents, plugins, and enterprise knowledge integrations.

AI SecurityAppSecArchitecture
Security Architecture 1 Jun 2026 3 min read

My Review: SANS SEC 530: Defensible Security Architecture and Engineering

My personal review and key takeaways from SANS SEC 530, covering security architecture, Zero Trust, monitoring, and the GDSA exam.

SANSGDSAArchitecture
Container Security 15 Nov 2025 3 min read

How to Optimize Docker Images for Speed & Security

Security-first techniques for building container images that are lean, fast, and easier to harden.

DockerHardeningSupply Chain
Threat Modeling 7 Sept 2025 4 min read

Threat Modeling with STRIDE: A Practical Walkthrough

A walkthrough of STRIDE using a simple web application architecture, designed for teaching and real-world review sessions.

STRIDEArchitectureWeb Apps
Application Security 26 Jul 2025 3 min read

Application Security: Understanding Threat Modeling for Modern Security Reviews

A practical guide to using threat modeling to keep security reviews useful, focused, and tied to real engineering decisions.

Threat ModelingSecure DesignAppSec
Security Culture 20 Jan 2025 4 min read

So You Got Hacked: Whose Fault Is It?

A plain-language look at accountability after a breach, and how teams can turn blame into better engineering habits.

RiskAccountabilityIncident Response
Security Career 9 Nov 2024 3 min read

How to Start Your Career in Cybersecurity: A Friendly Guide

A beginner-friendly path into cybersecurity, including how to learn the fundamentals without getting lost in noise.

LearningCybersecurityCareer
Web Fundamentals 25 Jun 2023 5 min read

What is an API? A Beginner’s Guide

A simple explanation of APIs and how applications communicate, useful groundwork for web application security thinking.

APIsWeb AppsBeginners