Websauna Co / Cybersecurity
I’ve spent a lot of time testing biometric systems and threat modelling authentication flows for mobile apps and kiosks. Face biometrics are convenient and increasingly common, but they invite a wide range of “liveness” or spoofing attacks —...
Read more... →
I remember the first time I had to migrate an authentication system for a business unit: months of planning, frantic late-night debugging, and a growing pile of post-it notes stuck to the monitor. Passwords were everywhere—hard-coded in scripts,...
Read more... →
Fine-tuning GPT-style models on proprietary customer data is one of those tasks that promises huge value—better, more contextual outputs; fewer hallucinations for domain-specific prompts; and a competitive edge in automation and support. It’s...
Read more... →
I started auditing third-party npm packages the hard way: by getting burned — a dependency pulled in a small, obfuscated postinstall script that sent environment variables back to a server. Since then I’ve developed a workflow that blends...
Read more... →
I’ve helped small engineering teams move from ad-hoc VPNs and open security groups to a zero-trust networking model that actually scales with a remote-first culture. In practice, zero trust isn’t a single product you buy — it’s a set of...
Read more... →
I’ve spent years helping teams choose and deploy security controls that actually get used — not just tick boxes for compliance. When it comes to multifactor authentication (MFA), the biggest failure isn’t cryptography or standards: it’s...
Read more... →
I’ve been tracking the slow, steady shift toward passwordless authentication for years now — testing products, probing security claims, and watching organizations wrestle with the trade-offs. Passwordless is no longer a futuristic checkbox; for...
Read more... →
I want developer pipelines that are secure, fast, and simple to understand. Over the years I’ve seen teams over-engineer CI/CD so much that it becomes the riskiest part of their product: secrets scattered in variables, build steps that run as...
Read more... →
I’ve spent years building and securing cloud-native apps, and one lesson keeps coming back: even a single small virtual machine (VM) exposed to the internet can become your weakest link if you don’t harden it. This guide walks you through a...
Read more... →
I get asked a lot: can you trust OpenAI’s API with sensitive business data? As someone who tests and writes about cloud services and security, my short answer is: “it depends.” But that’s not very useful on its own. Below I walk through a...
Read more... →