Security writing worth a practitioner's time.

SecureForge publishes deep, technical articles for the security industry — threat intelligence, application and cloud security, GRC, and careers. No vendor fluff, no recycled listicles. Just the work, explained by people who do it.

Read the latest →Write for us

Featured

This week on SecureForge

Threat Intelligence9 min read

Anatomy of a Modern Phishing Kit

Adversary-in-the-middle kits now defeat most MFA. Here's how they're built, sold, and detected.

Dana Whitlock

Jun 9, 2026

Read →

AppSec7 min read

Shifting Left Without Breaking the Build

Security gates that block every PR get disabled within a quarter. A pragmatic model for AppSec that engineers keep.

Marcus Lee

Jun 2, 2026

Read →

Cloud Security8 min read

Least Privilege Is a Process, Not a Policy

Static IAM reviews age the moment they're approved. How leading cloud teams keep permissions converging on what's actually used.

Priya Shah

May 21, 2026

Read →

Beats we cover

Six beats, one standard.

Every article has to teach a practitioner something they can use Monday morning.

◎

Threat Intelligence

Campaign teardowns, actor tracking, and IOC analysis from the field.

</>

AppSec

Secure SDLC, code review, fuzzing, and vulnerability research.

☁

Cloud Security

IAM, posture management, and securing multi-account estates.

GRC

Risk, compliance, audits, and turning frameworks into real controls.

⌖

Physical Security

Access control, surveillance, and converged physical-cyber programs.

↗

Careers

Hiring, certifications, and building a path in the security industry.

For contributors

Got something the field should read?

We accept original articles from security practitioners. The bar is high and the review is human — but every accepted piece reaches an audience that ships security for a living. Read the guidelines before you pitch.

Read the guidelines Submit an article