Security Articles
Practical security writing
Articles on application security, threat modeling, container hardening, APIs, and the habits behind stronger engineering teams.
NPM Supply Chain Attacks: When Your JavaScript Dependencies Become a Security Risk
A practical introduction to how npm dependencies, transitive packages, maintainer accounts, and installation workflows can become supply chain security risks.
Securing the AI-Powered Workplace: Understanding the New Attack Surface
A practical look at the security risks introduced by AI assistants, copilots, agents, plugins, and enterprise knowledge integrations.
My Review: SANS SEC 530: Defensible Security Architecture and Engineering
My personal review and key takeaways from SANS SEC 530, covering security architecture, Zero Trust, monitoring, and the GDSA exam.
How to Optimize Docker Images for Speed & Security
Security-first techniques for building container images that are lean, fast, and easier to harden.
Threat Modeling with STRIDE: A Practical Walkthrough
A walkthrough of STRIDE using a simple web application architecture, designed for teaching and real-world review sessions.
Application Security: Understanding Threat Modeling for Modern Security Reviews
A practical guide to using threat modeling to keep security reviews useful, focused, and tied to real engineering decisions.
So You Got Hacked: Whose Fault Is It?
A plain-language look at accountability after a breach, and how teams can turn blame into better engineering habits.
How to Start Your Career in Cybersecurity: A Friendly Guide
A beginner-friendly path into cybersecurity, including how to learn the fundamentals without getting lost in noise.
What is an API? A Beginner’s Guide
A simple explanation of APIs and how applications communicate, useful groundwork for web application security thinking.