Writing
Essays from a practitioner.
Essays where the analysis is more prescriptive than the research surface, or where the topic doesn't yet have enough evidence to anchor as a tracked hypothesis. The voice is the same; the framing is essayistic. Updated as the work warrants — not on a schedule.
-
Independent measurement
Why vendor benchmarks are the only benchmarks.
Most enterprise security data platforms restrict their customers from running competitive performance tests. The implication: every published 'X% faster than your SIEM' benchmark is vendor-funded by structural design, not by accident. The fix isn't more open-source benchmarks; it's a different distribution model for independent measurement.
Read →
-
Sovereignty
The question American CISOs aren't asking.
Sovereignty isn't European protectionism. It's architectural resilience: the ability to operate critical security infrastructure without dependence on foreign entities that could restrict access during geopolitical conflicts. Most US CISOs aren't asking the question yet.
Read →
-
MCP
MCP beyond chat. If it works.
Two infrastructure vendors — Tenzir and Databricks — announced MCP servers in late 2025 that aren't chat enhancements. They're positioning the Model Context Protocol as the orchestration layer for AI-generated data pipelines. The claims are big. The validation isn't there yet.
Read →
Notifications
Get a note when a new essay or benchmark publishes.
Low-volume. Essays as they ship; quarterly benchmark reports; nothing else. No drip campaigns.
The hypothesis-grounded work — eight anchor hypotheses with evidence tiers, twenty-two contradictions tracked over time, and the method-in-practice essay — lives on the research page. The program POV that connects them is on thesis.