Spent the better part of a decade in defensive security before getting tired of writing reports nobody read. Started as a bored teenager prodding at home routers, ended up with a day job that involved a lot of NDAs and a lot of pagers. Burned out, came up for air, now writes about the internet's security posture in plain English for people who care about more than the next CVE number.
The beat is everything that happens when you mix code, networks, and humans who think they're being careful. Vulnerability disclosures, the slow grind of the open web turning into a closed mall, why every browser extension wants to read every page you visit. Has opinions on TOTP versus passkeys (passkeys, with caveats), on the state of email security in 2026 (still terrible), on whether a YubiKey is overkill for normal people (it isn't).
Information wants to be free. Your credentials should stay private. Both can be true.
Threat intel, breach analysis, privacy regressions, the surveillance economy, and the slow disappearance of the open internet. Less interested in zero-day blockbusters, more interested in the quiet trends that explain why we keep losing the same fights. Writes for the practitioner who already knows what a CVE is and wants the context underneath the headline.