Extending Web Standards for the Agent Era and Beyond

Agent governance keeps inventing new protocols. HTTP has been extended through headers for 26 years without tollbooths. Why that's the playbook to copy.

• innovation
• governance
• grc
• standards
• mcp
• ai

Unencrypted by Default (And Other Dirty Secrets)

Vercel's 2026 breach exposed credentials across thousands of orgs. The deeper problem: env vars stored unencrypted by default. The full attack chain, mapped.

• toolchain
• business continuity
• governance
• security
• scaling

Your Technology Decisions Reflect Your Priorities (And Your Values)

Your tech stack encodes what you believe. A look at the CIO landscape across five dimensions, and why your AI posture is the most honest signal of intent.

• innovation
• management
• organizational development
• technology strategy
• consulting
• risk

Context Engineering on Your Terms

Tools that shrink Claude Code's context can save tokens you can't audit. A governance-first alternative: visible, in-repo command variants you fully control.

• innovation
• claude
• llms
• teams
• context
• ai

“Stability Bias” Is The New “Fight Club” in ChatGPT

Turns out ChatGPT, when presented with the challenge of supporting criticism of OpenAI, will just about refuse in favor of its own bias.

• chatgpt
• marketing
• bias
• ai

AI Enablement Is Not AI Governance

Governance and enablement are different jobs. Conflate them and you get policies nobody follows and shadow AI everywhere. Why you need both, as partners.

• innovation
• enablement
• organizational development
• governance
• ai

The Monkeys, the Librarian, and the Magician

Scaling curves to AGI hide diminishing returns on a log scale. Why LLM scaling alone won't get there, and what the agentic counterargument quietly concedes.

• llms
• governance
• scaling
• ai
• roi

From Shadow IT to Shadow AI: A Practitioner's Guide to Discovery and Containment

Shadow AI arrives embedded in tools you already approved. 83% think staff use AI; 31% have policies. A practitioner's guide to discovery and containment.

• risk management
• governance
• grc
• shadow
• ai

The MCP Security Problem

Research exposed 3,000+ vulnerable MCP servers and thousands of leaked API keys. Every AI integration creates security debt. How to secure MCP at scale.

A Blueprint for Rebuilding Your Consulting Practice Around Assessments

How I rebuilt a consulting practice around AI-powered assessments, so prospects experience the methodology before they ever book a call.

• automation
• development
• consulting
• ai

Implementing NIST AI RMF: Managing (Part 4 of 4)

Pilot governance collapses in production. Part 4 on the NIST AI RMF MANAGE function: risk prioritization, vendor management, and AgentOps for agent systems.

• nist
• rmf
• governance
• grc
• ai

Implementing NIST AI RMF: Measuring (Part 3 of 4)

Tracking uptime while ignoring safety is measurement theater. Part 3 on the NIST AI RMF MEASURE function: evaluating trust across seven characteristics.

• nist
• risk management
• rmf
• governance
• ai

Implementing NIST AI RMF: Mapping (Part 2 of 4)

The AI you haven't approved is the real risk. Orgs underestimate their AI footprint by 3-5x. Part 2 on the NIST AI RMF MAP function: discovery and inventory.

• nist
• inventory
• rmf
• grc
• ai

Implementing NIST AI RMF: Governing (Part 1 of 4)

Most AI projects fail on governance, not technology. Part 1 of a four-part series on turning NIST's AI RMF into governance that accelerates adoption.

Rethinking Team Topologies for AI-Augmented Development

One of the most significant changes in product-engineering collaboration since the advent of agile teams is happening now, driven by AI's ability to understand and act on our intent.

• automation
• management
• development
• teams
• ai

The Governance Gap: Why Top-Down Risk Management is Critical

Research confirms what practitioners knew: Most orgs approach IT security programs backwards.

• management
• governance
• compliance
• grc
• risk

The Matrix Approach to Incremental DRP and BCP Review

A multi-dimensional framework for maintaining disaster recovery and business continuity plans through incremental reviews, addressing the gap between documentation and actual recovery capabilities.

• disaster recovery
• business continuity
• governance
• ai

A Risk Management Analysis of Google's A2A and Anthropic's MCP

Traditional GRC frameworks weren't built for agents talking to agents. A risk analysis of Google's A2A and Anthropic's MCP, with three mitigation strategies.

• automation
• governance
• risk
• ai