On a mission to build secure products
Build It Secure.
Lead It Forward.
Application security built by someone who has run the programs you're being asked to build, from your CI/CD pipeline to your executive strategy. Training, automation, and advisory from 25+ years in the trenches at Amazon, AWS, Disney, and SAP.
How can we help you?
Three ways to move your security program forward
The Playbook
Product Security Playbook
A weekly newsletter with actionable steps for the leaders accountable for shipping secure products.
Read the Newsletter ›
The Academy
Courses & Training
Hands-on DevSecOps training that turns builders into people who ship secure pipelines.
Explore Courses ›
The Work
Let's Work Together
Consulting, automation, and fractional leadership for teams building product security from the ground up.
See Services ›
From the Playbook
Recent Issues
How to Defend Against Unexpected Code Execution in AI Agents
Unexpected Code Execution is the #5 risk on the OWASP Top 10 for Agentic Applications. Agentic and vibe coding tools generate code and run it in a single step, bypassing the reviews your security stack relies on. Here are the controls that put the gate back.
Read issue ›
June 9, 2026
Feynman is Still Right
The dominant failure mode in product security isn't the code. It's the communication breakdown between the people who know how the system works and the people who decide whether it ships.
Read issue ›
June 1, 2026
Defending Against Agentic Supply Chain Attacks
AI agents pull untrusted code, tools, and data at runtime. Here is how to defend your software supply chain when the attacker rides in through your own automation.
Read issue ›
Want to join us?
Deep dives, every Tuesday.
Join other product security leaders getting deep dives on secure products, AI security, and leadership delivered to their inbox, for free.