Insights on cybersecurity, architecture, and engineering
Keepacy is a secure vault and delivery system for the things families actually need when someone is gone. Here's how we built it, and why.
SOC 2, ISO 27001, HIPAA, CMMC — passing them is not the same as being secure. Compliance describes a floor, not a ceiling.
Blast radius — how damage propagates from a single point of failure — is a design choice. Most architectures are brittle on containment.
Zero trust was a response to architectures that assumed safety based on location. AI agents are being deployed with the same assumption.
When an AI agent acts on behalf of a user, the identity model is more complicated than 'the user authorized it.' That gap has consequences.
How we built uRoute's freight optimization software — multi-module Java TMS with an automated load-matching engine that delivers 15-30% freight cost reduction for broker operations.
I've been running an AI system with real access to real infrastructure. The architecture, the decisions, and what I'd do differently.
Prompt injection is being treated as a prompt problem. It isn't. It's an architecture problem — and it's the same one we've already described.
AI is being described as a fundamental transformation of the security landscape. Some of that is true. Most of the important parts aren't.
Humans make mistakes at a predictable rate. Security is one of the last domains still designing systems that require perfect behavior.
MFA was supposed to end credential theft. It didn't. Understanding why reveals the architectural mistake we keep making.
Why treating authentication as a one-time gate instead of a continuous signal is the root cause of credential theft incidents.
How we built a federated lung cancer research platform for IASLC — hub-and-spoke architecture, portable Docker algorithm containers, and 80% compute reduction across 10+ international sites.
How we designed a linear broadcast scheduling interface for NBCUniversal — 20+ network feeds, time-zone math, zero-downtime deployments, and the architecture that holds it all together.
How we built lung cancer screening software on the bones of VA-PALS — modernizing MUMPS to TypeScript, integrating AI-assisted CT reading, and shipping it to three continents.