Threat Intelligence9 min read
Anatomy of a Modern Phishing Kit
Adversary-in-the-middle kits now defeat most MFA. Here's how they're built, sold, and detected.
DW
Read →Dana Whitlock
Jun 9, 2026
The archive
Every article
Practitioner-written security writing across 6 beats. 6 published and counting.
Threat IntelligenceAppSecCloud SecurityGRCPhysical SecurityCareers
AppSec7 min read
Shifting Left Without Breaking the Build
Security gates that block every PR get disabled within a quarter. A pragmatic model for AppSec that engineers keep.
ML
Read →Marcus Lee
Jun 2, 2026
Cloud Security8 min read
Least Privilege Is a Process, Not a Policy
Static IAM reviews age the moment they're approved. How leading cloud teams keep permissions converging on what's actually used.
PS
Read →Priya Shah
May 21, 2026
GRC6 min read
Writing a Control Narrative Auditors Believe
Compliance theatre fails real audits. How to document controls that map to evidence your team can actually produce.
ER
Read →Elena Ruiz
May 12, 2026
Physical Security7 min read
Converging Physical and Cyber Access
The badge reader and the SSO portal are the same problem. Why physical-cyber convergence is finally happening.
TB
Read →Tom Becker
Apr 30, 2026
Careers6 min read
Breaking Into Security Without a CS Degree
Hiring managers don't care about your diploma. They care about whether you can demonstrate the work. Here's the portfolio that does it.
AB
Read →Aisha Bello
Apr 18, 2026