Field notes from the war room.
Engineering, operations, compliance, and offensive testing — no author bylines, just accountable program signal.
Company
2026-05-18
Inside the NNSEC war room
Why we rebuilt the public surface around one accountable retainer and a single findings language.
Engineering
2026-05-14
Read-only cloud connectors by design
How assessment IAM is reviewed in CI before any connector reaches your estate.
Operations
2026-05-10
Agentic SOC without theater
Human approval on every consequential playbook step — illustrated containment windows.
Offensive
2026-05-06
The authorization vault
Hash-chained scope records for every offensive run — procurement-friendly and auditor-readable.
Compliance
2026-05-02
Evidence objects, not slide decks
When posture improves, compliance artifacts update — regressions surface to auditors and engineers together.
Platform
2026-04-28
One severity model across six clouds
OCSF-aligned events so AWS misconfigurations compare fairly to Azure and on-prem agents.
Compliance
2026-04-22
CMMC readiness without tool sprawl
Defense contractors aligning 800-171 controls to live posture and authorized testing.
Industry
2026-04-16
DDQ velocity for fintech
Security questionnaires answered from production truth instead of stale policy PDFs.
Industry
2026-04-10
HIPAA trails that auditors trust
PHI handling, logging hygiene, and tabletop IR in one retainer rhythm.
Intel
2026-04-04
Threat intel fused with posture
Actor TTPs mapped to detections your tenant already runs — fewer disconnected briefings.
Defensive
2026-03-28
Deception with explicit scope
Honeypots placed where production teams expect them — useful signal without surprise assets.
Network
2026-03-22
DNS as an early warning layer
Resolution monitoring and tunneling detection for customer-facing and internal zones.
Strategy
2026-03-16
Board-ready risk narratives
Quarterly packs sourced from live platform data — investment cases leadership can defend.
Integrations
2026-03-10
SIEM forwarding that preserves context
Splunk, Elastic, and Sentinel stay — normalized events and approvals flow both ways.
Research
2026-03-04
Behavior baselines before zero-day hype
ML-assisted scoring for identities and data paths static rules miss.
Company
2026-02-26
What accountability means on a retainer
Named leads, monthly cadence, and one contract — not rotating ticket queues.
Industry
2026-02-18
Securing AI/ML GPU estates
Training data paths, inference APIs, and cryptomining abuse in one assessment model.
Operations
2026-02-10
Week one onboarding playbook
Discovery, signed manifests, and first baselines — predictable for platform and GRC alike.