Archive - Frankly Speaking

Third-party risk management needs to change

The current procurement process no longer makes sense in the AI era.

Dec 3 •

November 2025

AI Risk Evolution

We should focus on "AI for security" rather than "security for AI"

Nov 18 •

We need more security generalists

Cybersecurity has over-specialized into tool babysitting. AI and better design can bring the focus back to solving real problems.

Nov 12 •

We need to solve the security poverty line problem

There needs to be more incentives

Nov 6 •

October 2025

Thoughts on Veeam's acquisition of Securiti.ai

An acquisition worth paying attention to, but also not surprising

Oct 30 •

A letter to security vendors

A repost about my frustrations around sales-led motions

Oct 16 •

Maybe, we should stop investing in security

We should be investing in platforms with security use cases

Oct 7 •

September 2025

Will security companies disappear?

AI might accelerate some consolidation

Sep 30 •

Pangea and Lakera acquisition thoughts

Legacy security companies scrambling for AI talent

Sep 23 •

Security is worried about the wrong risks

We should be more nuanced about what matters

Sep 16 •

Should security own risk?

Maybe. We should stop arguing about risk ownership and start owning risk surfaces.

Sep 12 •

What does a first security hire look like?

There's a variety, but it really depends on what you're looking for

Sep 4 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts