ls ./topics
Topics.
Curated collections of cybersecurity writing, frameworks, and practitioner notes across AI security, threat modeling, compliance, and IoT.
- 3 posts
AI Security
AI systems break the boundary between code and data. Threat models built before LLMs miss most of what matters. Notes on red teaming, threat modeling for agents, and the practitioner's view of what classical security thinking can and cannot say about a model.
- 4 posts
Threat Modeling
STRIDE, PASTA, OCTAVE, attack trees, kill chains, MAESTRO, the five-zone method. The trade-offs decide which one fits your system. Threat modeling returns more security per hour invested than any other practice; the only frameworks worth learning are the ones that match the architecture you're defending.
- 1 post
ML Security
Layer by layer: training data integrity, model supply chain, inference-time risk. Data poisoning, model inversion, membership inference, adversarial evasion. The MAESTRO framework maps this systematically; the practitioner's job is calibrating which controls actually fit your pipeline.
- 1 post
IoT Security
IoT devices fail open by default. Threat modeling for embedded systems, firmware hardening, network segmentation, and the lifecycle controls most teams overlook. The attack surface is unique; the methodology is not. Adapt the basics with discipline.
- 1 post
Compliance & Standards
Where security frameworks meet regulatory requirements: ISO 27001 audits, the role of penetration testing as defensible evidence, and how to scope test programs so they produce findings auditors and engineers both respect.