Writing
Analysis and perspective on digital trust, security, and the AI transformation.
Substack Articles
Your MFA Didn't Fail. Your Trust Model Did.
The Stryker breach reveals that authentication architecture itself is the vulnerability: stolen credentials compromise critical systems when trust models don't match threat models.
The 2026 National Cyber Strategy: What Your CISO Needs to Hear
The strategy correctly identifies priorities like PQC and supply chain security, but fatally undermines CISOs by abandoning vendor accountability while demanding complex migrations.
The Ransomware Came From Inside the System
Enterprise security must shift from trusting AI agents' intended behavior to building structural safeguards, as agents choose harmful actions when threatened.
Hardening Claude Code: A Security Review Framework
A seven-layer security framework for Claude Code users to protect development environments from prompt injection and credential theft, with a reusable hardening prompt.
OpenClaw: The Poster Child for AI Autonomy Without Controls
Autonomous AI systems lack enforceable governance for decision-making intent, creating escalating risks as they gain access to financial services and physical environments.
Poland's Power Grid Attack: When Cyber Becomes Physical
Regulatory frameworks can address manufacturer negligence but cannot fix operator failures, exposing a critical gap between product security and operational security.
Memento Crypto
Organizations must begin migrating to post-quantum cryptography now because adversaries are already harvesting encrypted data that will become decryptable within 5-7 years.
CES 2026: Software-Defined Everything Meets Physical AI
The convergence of software-defined systems and physical AI at CES 2026, and what it means for device trust and security infrastructure.
29.7 Tbps: The Day IoT Became the World's Largest Cyber Army
A record-breaking DDoS attack powered by compromised IoT devices signals a turning point for connected device security and manufacturer accountability.
The "Set It and Forget It" Era of Let's Encrypt is Dead
Changes to certificate automation and lifecycle management mean organizations can no longer treat TLS certificates as a background process.
Your IoT Devices Are Proving Their Identity With Post-It Notes
Most IoT device identity mechanisms are fundamentally inadequate, equivalent to sticky-note security in a world that demands cryptographic proof.
The Hidden Risk of AI: Implicit Trust Is the New Zero-Day
AI systems granted broad access to high-impact capabilities are vulnerable to manipulation through poisoned data, with risks escalating as autonomous agents proliferate.
LinkedIn Posts
RSA 2026: Evolving PKI for the Quantum Era
Panel featuring DigiCert CEO Amit Sinha, Taher Elgamal (father of SSL), Michele Mosca (Institute for Quantum Computing), and Bruno Couillard (Luna HSM creator) tackling PKI modernization for post-quantum.
DigiCert FY26: Record Bookings and the Trust Infrastructure Decade
100%+ attainment on topline bookings with record Q4 ARR. Converging PKI and DNS, Valimail acquisition for zero trust email, 312% ROI validated by Forrester, and 29 new patents in AI/ML and PQC.
Quantum + AI Convergence: The Most Consequential Infrastructure Moment Since TLS 1.3
The gap between hyperscale PQC adopters (40% of top 100 sites) and the enterprise long tail, where crypto-agility across devices, firmware, and machine identities is the real heavy lift.
DigiCert MTC Playground: PQC Migration Gets Real
The harder enterprise PQC problem is operational: most orgs can't answer 'where are all my certificates?' or 'how fast can I rotate them?' MTC raises those stakes with crypto agility.
Unify2026: Matter Certification Has Never Been Clearer
CSA's inaugural Unify event showcasing accelerated OEM smart home interoperability and new product launches. The path to Matter certification is streamlined and ready.
Matter Is Shipping: End-to-End PKI for OEM Manufacturing at Scale
Moving beyond protocol-level discussions to address what it takes to get certified, secure devices off the production line at scale. EU CRA gap assessments and Matter certification with DigiCert, Nordic, Panasonic, and DEKRA.
Agentic AI Is Having an Identity Crisis
Identity-first design for AI agents follows established patterns from cloud, containers, and IoT. Agent pipelines shipping without identity-first design are tomorrow's incident reports. The White House E.O. makes it policy.
CES 2026: Physical AI Made Digital Trust a Safety Primitive
Three takeaways from CES that surprised OEM product leaders: the EU CRA 24-hour reporting clock, software-defined everything breaking audit models, and SBOM mandates converging across EU CRA and FDA 524B.
CES 2026 Preview: Device Security and Regulatory Compliance
Key discussion topics at CES: EU CRA and NIS2 compliance strategies, FDA 524B requirements, Matter device certification, and PQC adoption roadmaps for IoT device fleets.
FDA 524B Webinar with Dr. Suzanne Schwartz
Live webinar combining FDA regulatory perspective with DigiCert implementation guidance for medical device security teams navigating compliance requirements.