People Over Policies, Pt. 9 — Tools Don’t Make You Secure John Hammond once wrote: “Don’t forget, 0-days wouldn’t happen if you had just bought that one vendor’s EDR, MDR, XDR, NDR, RDR, NXDR, ODR, PDR, LDR, QDR, VDR, JDR, KDR, IDR, 1DR, 4DR, DDR, ZDR, YDR, ⧫DR, 🟋DR, 🙻DRR, DRDRDR, AIDR solutions they emailed […]

People Over Policies, Pt. 8 — Trust Is the Real Firewall You can’t firewall a lack of trust. You can buy the best technology, implement the strongest controls, and build the tightest perimeter—but if your people don’t trust leadership, don’t trust each other, or don’t trust the mission… you’re already compromised. Trust is what keeps […]

People Over Policies, Pt. 7 — Leadership in the Trenches Leadership in cybersecurity isn’t about control.It’s about credibility. Anyone can sign policies.Not everyone can stay calm when the alerts flood in, the SOC is on fire, and the board wants answers yesterday. When things break, your team doesn’t look to the org chart.They look to […]

People Over Policies, Pt. 6 — Awareness Over Automation We can automate alerts.We can automate responses.But we can’t automate accountability. Every tool we add—AI, SOAR, EDR—makes us faster, smarter, more efficient.But if awareness drops, if curiosity fades, if people stop asking why… we’re not getting more secure.We’re just getting more complacent, faster. Automation should amplify […]

People Over Policies, Pt. 5 — When Frameworks Fail, People Don’t Frameworks give us structure.But structure alone doesn’t save you when everything goes wrong. I’ve seen the best-written playbooks fall apart under pressure—Not because they were wrong,but because they couldn’t predict people. In the real world, it’s the human decisions—the quick judgment calls, the trust […]

Firewalls block packets.Culture blocks complacency. You can deploy every control in the book—MFA, EDR, SIEM, SOAR—but if your people don’t care, don’t ask questions, or don’t feel safe reporting mistakes… you’ve already been breached. Over the years, I’ve learned that the strongest defense isn’t at the perimeter—it’s in the mindset of your team.It’s the engineer […]

I’ve heard it all my life: “Women can’t do that.” “Women aren’t as strong as men.” Or my personal favorite— “That’s a man’s job.” Cringy, I know. I’m not a feminist. I’ve just had the best seat in the house. Growing up as the youngest of three, I had a front-row view. My older sister […]

People Over Policies, Pt. 3 — The First 24 Hours of an Incident Response No policy survives first contact with an incident. When a breach, outage, or ransomware alert hits, every second counts—and every assumption gets tested.The playbooks are important, but what really matters in those first 24 hours isn’t the policy binder.It’s the people […]

The Air-gap Network That Saved Us How a 2014 Compliance Requirement Became Our 2018 Ransomware Recovery Plan In cybersecurity, you don’t always build systems for the problems you expect.Sometimes, the thing that saves you was never meant to exist for that reason at all.That’s exactly what happened to us. 2014 — A Contract, a Quake, […]