Every cybersecurity vendor now writes with the same AI tools. The one thing they can't generate is editorial judgment. I run editorial standards across the Cortex and Unit 42 portfolio at Palo Alto Networks, where the job is making sure the work sounds like a person who knows the material, not a model that skimmed the brief.
I spent five years exposing vulnerabilities as a journalist before I moved in-house. I still write. Most days, I decide what good looks like and hold the line on it.
From breaking news at DEF CON to running editorial for one of the largest portfolios in cybersecurity. Same job, different chair.
Directing editorial standards and strategy across the threat intelligence and security operations portfolios. I co-author premium research and whitepapers, and I make the dry stuff worth a practitioner's time.
Embedded with the Managed Threat Response squad. Translated raw forensic telemetry and day-to-day incident chatter into high-pickup MTR casebooks and investigative analyses.
Exposing vulnerabilities, reporting election security from DEF CON's Voting Village, covering keynotes from Black Hat to RSA, interviewing security leaders, and producing the longform feature on CISO burnout that gets passed around every time the topic comes up.
A few things I wrote, directed, and produced. Pick the one that doesn't sound like cybersecurity.
A Sherlock Holmes–style narrative tracking an email security incident, illustrating how AI identifies and mitigates deceptive mail payloads. Proof that you can teach a product story without putting people to sleep.
Acclaimed longform on the mental health, liability, and rapid turnover that comes with running corporate security in 2020. Still cited.
Hard-boiled detective framing applied to the forensics behind a backdoor implant in a SolarWinds Orion server. Highest pickup of the casebook series.
Recorded live at DEF CON with Mileva Security Labs' Harriet Farlow on why nobody knows their AI models are hackable, and why policy is asking the wrong questions.
Co-authored flagship study translating Unit 42's incident caseload into actionable intelligence on credential reuse and rapid boundary scanning.
A narrative limerick — written for National Limerick Day — that explains Security Orchestration, Automation, and Response workflows. Yes really.
Not everything I'm proud of started as a document. Two properties I conceived and directed.
I came up with it, wrote every line of copy, designed how it looked and played, and ran the agency that built it. A browser game that teaches the Cortex XSIAM platform by putting you in the chair and making you run a SOC. It became an event-floor and social favorite, which is not a sentence anyone expects to write about security marketing.
Palo Alto Networks' flagship security podcast. I helped conceive it and produce it from the first episode. 117 episodes, more than 1.58 million downloads, north of $62 million in audience attention value. It doesn't sell product. It earns the audience's time.
Every team at every vendor ships content from the same models now. The work that survives contact with a practitioner is the work somebody made decisions about. That decision-maker is the job.
Across the Cortex and Unit 42 portfolio, I set the standard and hold the line on it. I killed 'machine speed' as a crutch phrase and pushed proactivity and autonomy as the differentiators that actually mean something. I ran the consistency audits across the Unit 42 service pages. I built the voice system the team writes against. I coordinate editorial output across a cross-functional team of fifteen, and I'm usually the one deciding whether a piece is ready to ship.
The marquee work runs through me: the agentic SOC whitepaper, the Koi endpoint acquisition whitepaper, XDR for Dummies, the XSIAM and AgentiX messaging. My name isn't always on the byline. The judgment is.
AI-powered security operations platform transforming legacy SIEM infrastructures.
Network, endpoint, and cloud detection & response ecosystem.
Orchestration, automation & response models that streamline incident cycles.
Attack surface discovery and management, mapping active exposures globally.
Managed threat hunting, incident response, and global threat intelligence.
Centralized cloud security analytics, asset tracking, and vulnerability compliance.
Open to consulting, freelance commissions, podcast appearances, and the rare full-time conversation. Quick replies guaranteed if the email isn't a press release.