Field Notes
MSPs and the shared-responsibility blind spot
Most MSP contracts assume their platform vendors handle security. They mostly don't. Here's where the gap usually opens up.
Read full postIn the Lab
What we’re seeing, building, and shipping.
Field notes from active engagements, vulnerability watch posts, and the frameworks our team is running on real client work. Updated as we publish.
AI Security
AI coding assistants changed what we find on pen tests
Six months of pen test data shows a real shift in vulnerability patterns. Less SQLi, more prompt injection and overpermissioned service accounts.
Read full postPlaybook
SOC 2 in 90 days: what we actually do during the sprint
A breakdown of the four-phase compliance sprint we run for first-time SOC 2 clients. No magic, just sequencing.
Read full postFramework
Vendor risk reviews when your vendor is now an AI company
Half the SaaS in your stack added an AI feature in the last 12 months. Your vendor questionnaire probably doesn't ask about it.
Read full postField Notes
What actually happens in the first hour of an incident
A timeline from one of our recent IR engagements, with names changed. The first hour matters more than the next forty.
Read full postReady to scale security across your operations?
Deploy security, compliance, and AI capabilities without building internal teams.
Schedule a Consultation