The whole garden
All Ideas
9 notes growing here: sort and filter to find a path through them.
- Software Supply Chain as an Adversary Playbook
Modern breaches increasingly enter through dependencies and build pipelines rather than production apps.
- Zero Trust as Verify-Everywhere, Not VPN Replacement
Zero trust means every request is authenticated and authorized regardless of network location.
- Attack Trees for Structured Threat Modeling
Attack trees turn vague security worries into a hierarchy of concrete, testable adversary goals.
- Security Review Cadence as Operational Memory
A recurring review rhythm turns isolated security observations into durable operational memory.
- Detection Engineering as a Feedback Loop
Detection rules improve fastest when every alert is treated as feedback on assumptions.
- Access Review Patterns That Catch Drift
Access reviews catch more risk when they focus on entitlement drift and business context.
- Incident Debriefs Without Blame Drift
Good debrief notes preserve causes, decisions, and repairs without turning into blame records.
- Vendor Risk Triage for Small Teams
Small teams need a vendor risk process that quickly separates critical dependencies from routine suppliers.
- Secure Defaults Reduce Review Load
Strong defaults make weekly review easier by shrinking the number of exceptional decisions.