About Me

I’ve spent most of my adult life inside complex systems — organizations, technology, security programs, leadership teams, and the people trying to make sense of all of it.

Some of it worked.
A lot of it didn’t.

What I’ve learned the hard way is that most failures aren’t caused by a lack of intelligence or effort. They’re caused by incentives, fear, misplaced confidence, and an unwillingness to tell the truth early — especially when it’s uncomfortable.

That observation sits underneath almost everything I write.

Where I’m coming from.

My background is in information security. I’ve spent decades advising leaders, building programs, responding to failures, and watching the same problems repeat themselves under different names and frameworks.

Titles and credentials matter less to me than results.

I’ve seen what happens when security becomes theater.
I’ve seen what happens when leadership avoids accountability.
And I’ve seen how quickly good people can make bad decisions inside broken systems.

Personally, I’m still learning — about leadership, balance, mental health, and what responsibility looks like when the answers aren’t clean.

I don’t write from a distance. I write from inside the mess.

What I’ve learned (so far).

A few things have become clear over time:

  • Clarity is rare — and valuable.
  • Complexity doesn’t excuse irresponsibility.
  • Confidence without competence is dangerous.
  • Comfort is often the enemy of progress.
  • People matter more than frameworks.
  • Saying nothing is still a choice.

These aren’t theories. They’re patterns I’ve watched play out over and over again.

Why I write the way I do.

I don’t write to motivate, brand, or perform.
I write to think clearly — and to invite others to do the same.

Sometimes that means being technical.
Sometimes it means being personal.
Often it means being uncomfortable.

That’s intentional.

If something here helps you see a situation more clearly or make a better decision, great.
If it doesn’t, you’re free to move on.

Where else you might know me from.


My work has included founding and leading information security companies, advising executives and boards, responding to major breaches, teaching thousands of security practitioners, and writing extensively about why this industry keeps failing—and what accountability actually looks like in practice.

This site, though, isn’t about any of the cool shit I’ve done, bragging, posturing, ego, etc. If you’re into that, you can grab my bio here.

This site is the most accurate representation of how I think.

That’s the context. The writing is the point.