Field NotesA personal knowledge wiki — ideas distilled from books, papers, conversations, and courses.https://example.com/Software Supply Chain as an Adversary Playbookhttps://example.com/ideas/supply-chain-security/https://example.com/ideas/supply-chain-security/Modern breaches increasingly enter through dependencies and build pipelines rather than production apps.Tue, 09 Jun 2026 00:00:00 GMTZero Trust as Verify-Everywhere, Not VPN Replacementhttps://example.com/ideas/zero-trust-principles/https://example.com/ideas/zero-trust-principles/Zero trust means every request is authenticated and authorized regardless of network location.Wed, 03 Jun 2026 00:00:00 GMTAttack Trees for Structured Threat Modelinghttps://example.com/ideas/attack-tree-analysis/https://example.com/ideas/attack-tree-analysis/Attack trees turn vague security worries into a hierarchy of concrete, testable adversary goals.Fri, 22 May 2026 00:00:00 GMTSecurity Review Cadence as Operational Memoryhttps://example.com/ideas/security-review-cadence/https://example.com/ideas/security-review-cadence/A recurring review rhythm turns isolated security observations into durable operational memory.Fri, 15 May 2026 00:00:00 GMTDetection Engineering as a Feedback Loophttps://example.com/ideas/detection-engineering-loop/https://example.com/ideas/detection-engineering-loop/Detection rules improve fastest when every alert is treated as feedback on assumptions.Wed, 22 Apr 2026 00:00:00 GMTAccess Review Patterns That Catch Drifthttps://example.com/ideas/access-review-patterns/https://example.com/ideas/access-review-patterns/Access reviews catch more risk when they focus on entitlement drift and business context.Sat, 04 Apr 2026 00:00:00 GMTIncident Debriefs Without Blame Drifthttps://example.com/ideas/incident-debrief-notes/https://example.com/ideas/incident-debrief-notes/Good debrief notes preserve causes, decisions, and repairs without turning into blame records.Sun, 29 Mar 2026 00:00:00 GMTVendor Risk Triage for Small Teamshttps://example.com/ideas/vendor-risk-triage/https://example.com/ideas/vendor-risk-triage/Small teams need a vendor risk process that quickly separates critical dependencies from routine suppliers.Sun, 08 Mar 2026 00:00:00 GMTSecure Defaults Reduce Review Loadhttps://example.com/ideas/secure-defaults/https://example.com/ideas/secure-defaults/Strong defaults make weekly review easier by shrinking the number of exceptional decisions.Thu, 19 Feb 2026 00:00:00 GMT