About
The perspective behind dfensive.ai.
Background
More than thirty years in cybersecurity, starting long before the field had that name. The work has spanned network security, incident response, security architecture, risk management, and — more recently — the intersection of artificial intelligence with all of those disciplines.
The common thread across three decades has been a focus on how security programs actually improve. Not how they comply with requirements. Not how they respond to the latest crisis. How they build the kind of institutional knowledge and systematic practice that makes them measurably better over time.
Philosophy
Security is a practice, not a product. The organizations that do it well treat it as a discipline that requires continuous investment in people, processes, and institutional learning. The ones that struggle tend to look for shortcuts — tools that promise to solve problems that are fundamentally human, frameworks that substitute compliance for competence, strategies built on fear rather than evidence.
Artificial intelligence is the latest technology to be loaded with unrealistic expectations. It is also genuinely useful when applied with appropriate humility. AI can surface patterns humans miss, process data at scales humans cannot, and augment analysis in ways that make security teams more effective. What it cannot do is replace the judgment, context, and institutional knowledge that experienced security professionals bring to their work.
dfensive.ai exists to explore that boundary — where technology amplifies human capability and where it falls short — with the kind of honest analysis that serves practitioners rather than vendors.
Mentoring and Training
A significant part of three decades in security has been spent teaching and mentoring. Training junior analysts, mentoring mid-career professionals making the transition to leadership, and helping senior leaders communicate security to boards and executives.
This work continues through advisory engagements and through the content published here. The weekly briefing is, in part, the kind of analysis that used to happen in hallway conversations and mentoring sessions — made available to a broader audience.
Good security practitioners are made through experience, guided practice, and access to thoughtful perspective. If anything published here contributes to that process, it has served its purpose.
Continue the conversation
Whether through the weekly briefing, an advisory engagement, or simply a thoughtful exchange — there is always value in connecting with others who care about doing security well.