Tokenization: yet another thing to worry about in your AI stack
Over the past few months, I’ve been knee-deep building an LLM-powered assistant with memory, long-term context, RAG, and the uncanny ability to break every time I so much as look …
Dan G
Where I’ve Been
I’ve been quiet lately, not because I ran out of things to say, but because I’ve been busy tending to my modest garden, hunting for my next role, but mostly, …
So What?
Have you ever sat through a security briefing, heard the words, “This CVE has a critical CVSS score of 9.8!” and thought to yourself, “Okay, great… but what does that …
The Cyber Ecosystem Shift
As federal cyber leadership pulls back, the balance is shifting across states, agencies, and industries. Here’s what that means—and why timing matters. Ecosystems are interconnected, interdependent systems. Think of a …
FFFFFFFound in the archive
I was cleaning up my hard drive when I found an unpublished blog post I had written in 2008 during my stint at American Airlines as an information security architect. …
Secure the Vibe
Vibe coding is a rising trend in software development where programmers rely on intuition over established practices, documentation, and security checks. This approach, likened to improvisational jazz, has become popular in the era of generative AI tools that suggest code without thorough understanding, leading to insecure applications. Although it may appear efficient, vibe coding often results in bugs, security breaches, and technical debt, as foundational practices like testing and threat modeling are overlooked. Both development and security teams have fallen into similar traps, prioritizing speed over safeguards, which calls for a collaborative shift towards disciplined coding practices for better security outcomes.
Follow-Up: Yes, Risk Assessments Matter. No, Accepting Risk Isn’t a Strategy.
First off, I’m thrilled the original post hit a nerve—the good kind, mostly. But it seems some folks thought I was saying we should throw risk assessments out the window …
Hackers Don’t Check the Risk Register
Why Over-Reliance on Risk Management is Hurting Cybersecurity Imagine you’re gearing up for a fight. You know your opponent’s strengths, weaknesses, and favorite moves. But instead of training, sharpening your …
The Real Cost of AI Isn’t Just the Price Tag
OpenAI’s rumored plan to charge $20,000 a month for “PhD-level” AI agents is making headlines, but the real concern isn’t the price—it’s the implications. This leak feels like a market …
Lateral Movement is Ludicrous Speed, and Your Security Needs to Keep Up
Cyberattacks are no longer slow, methodical heists. They’re smash-and-grab operations at ludicrous speed. According to ReliaQuest, attackers can move laterally inside your network in just 27 minutes, with an average …