Blog

Topics for Founders, Operators, and the Terminally Overwhelmed

Security Leadership & Strategy

NIST RMF Roles for Startups: Who Does What

How to assign NIST RMF roles across 5 or 50 people. Which roles must never be combined. How two acquired companies handled separation of duties.

10 min read

Building Trust Between Entities: A Philosophy for Security

What trust means in business relationships. Sun Tzu, Richard Stallman, NIST trust models, and practical lessons from security questionnaires and acquisitions.

8 min read

Why Startups Need a Fractional CISO

Senior security expertise without the full-time cost. When it makes sense and what you actually get.

4 min read

Compliance & Operations

ISO 27001 in 90 Days: A Realistic Guide

How to get certified fast without cutting corners. A practical timeline based on real experience.

5 min read

How to Survive Your First Security Questionnaire

Security reviews don't have to be chaos. What B2B startups need to know before they open that spreadsheet.

3 min read

Your SaaS Demo Broke. Again. Time to Fix It.

If your product keeps crashing during sales calls, it's not "bad luck." It's infra debt. You need to stabilize it so you can stop sweating during Zoom calls.

2 min read

Engineering & Architecture

KeibiDrop: Building Post-Quantum Encrypted File Sync

6,228 lines of Go, 140 hours, and lessons learned building a cross-platform encrypted file sync tool with ML-KEM and X25519.

6 min read

PQC in the Real World: How We're Using ML-KEM, HQC, and Dilithium

Post-quantum crypto isn't just for research papers. Here's how we use standardized primitives to build a signature + key exchange stack that actually works.

4 min read

Detect Security Issues Fast: A Practical DevSecOps Guide

Learn how to integrate security into your CI/CD pipelines using automated scans and best practices based on the OWASP DevSecOps guidelines.

8 min read

Notes on Cryptographic Primitives

Benchmarks and tradeoffs: availability, integrity, and confidentiality of files.

10 min read

go-fp in Production: Metaprogramming + Functional Composition

XSD code generation meets go-fp. 113 generated files, 13 catalogue types, 1 generic function. How we handle healthcare data imports for Romania's national health system.

7 min read

Golang functional programming

How I write golang in 2025

3 min read