AI Security in 2025: What Every Security Engineer Needs to Know
Artificial intelligence is no longer a future concern for security teams — it is a present one. As organisations race to integrate large language models (LLMs), generative AI tools, and ML-powered systems into their products, security engineers face an entirely new threat landscape that traditional AppSec frameworks were not designed to address. This post covers the most critical AI security risks, the emerging standards you need to know, and practical steps to start building
Shounak Itraj
4 days ago · 3 min read
Extreme Ownership - Take Full Responsibility
Chapter 1 of "Extreme Ownership" by Jocko Willink and Leif Babin introduces the foundational principle of taking full responsibility for everything in your realm of leadership. This principle is not just a guiding philosophy but a practical approach to effective leadership. The Essence of Extreme Ownership Extreme Ownership is the mindset where leaders take absolute responsibility for the successes and failures of their team. When something goes wrong, the leader does not bla
Shounak Itraj
4 days ago · 2 min read
Port Scanner using Go Programming
Building a port scanner in Go is an excellent way to learn both network programming and Go's powerful concurrency model. Port scanners are fundamental tools in security reconnaissance — understanding which ports are open on a target system is the first step in any security assessment. Go is an ideal language for this task because of its goroutines and channels, which make concurrent network operations both efficient and readable. Basic approach: Create a TCP dial attempt fo
Shounak Itraj
4 days ago · 1 min read
Content Security Policy
Content Security Policy (CSP) is a browser security mechanism that helps prevent cross-site scripting (XSS) and data injection attacks. It works by allowing web developers to specify which content sources are trusted, and instructing the browser to reject all others. How it works: CSP is delivered via an HTTP response header (Content-Security-Policy) or a meta tag. The policy consists of directives that specify allowed sources for different content types: scripts, styles, im
Shounak Itraj
4 days ago · 1 min read
Mastering Leadership: Lessons from Navy SEALs in Extreme Ownership
Extreme Ownership: How U.S. Navy SEALs Lead and Win by Jocko Willink and Leif Babin is one of the most impactful leadership books of the past decade. Drawing from their experiences leading SEAL Team Three in the Battle of Ramadi during the Iraq War, Willink and Babin distill battlefield leadership principles into practical guidance applicable to any organisation. The central thesis is simple but demanding: leaders must own everything in their world — there are no excuses. Ea
Shounak Itraj
4 days ago · 1 min read
Defending Against XSS Using CSP (script-src)
Content Security Policy (CSP) is one of the most powerful defences against Cross-Site Scripting (XSS) attacks. The script-src directive controls which scripts are permitted to execute in the browser, effectively blocking injected malicious scripts even if an attacker manages to inject content into your page. Key script-src approaches: nonce-based CSP: A cryptographically random nonce is generated per request and embedded in both the HTTP header and script tags. Only scripts
Shounak Itraj
4 days ago · 1 min read
Decisiveness Amid Uncertainty - Leading with Confidence and Clarity
In dynamic and often unpredictable environments, leaders must be able to make decisions quickly and effectively, even when they don't have all the information they'd like. Decisiveness amid uncertainty is not recklessness — it is the disciplined application of judgment under pressure. Effective leaders gather the best available information, assess risk, consult trusted advisors, and then commit to a course of action. They understand that a timely, imperfect decision is usuall
Shounak Itraj
4 days ago · 1 min read
Prioritize and Execute - Mastering Strategic Decision-Making
In high-pressure environments, leaders face multiple simultaneous problems competing for attention. The Prioritize and Execute principle from Extreme Ownership teaches leaders to step back, assess the situation calmly, identify the single most important problem, and direct all resources toward solving it before moving on to the next issue. In security engineering, this is especially critical. Vulnerability backlogs, compliance deadlines, incident response, and infrastructure
Shounak Itraj
4 days ago · 1 min read
Believe - Building Conviction and Confidence in Leadership
For a leader to effectively lead and inspire their team, they must genuinely believe in the mission, the plan, and their people. Belief is not blind optimism — it is a reasoned, evidence-based conviction that the team can succeed and that the mission matters. In security leadership, this means believing in the value of your work: that protecting users' data and systems is meaningful, consequential work worth doing well. Leaders who lack this conviction communicate it unconsci
Shounak Itraj
4 days ago · 1 min read
No Bad Teams, Only Bad Leaders - The Role of Leadership in Team Performance
One of the most powerful lessons from Extreme Ownership is that there are no bad teams, only bad leaders. This principle challenges us to look inward when our teams underperform rather than blaming team members. In security and engineering leadership, this means when a team misses a deadline, ships a vulnerability, or fails to communicate effectively — the leader must first ask: What could I have done differently? The principle was illustrated dramatically in Jocko Willink's
Shounak Itraj
4 days ago · 1 min read
Unlocking the Power of Atomic Habits: 10 Steps to a Transformed Life
James Clear's Atomic Habits provides a practical framework for building good habits and breaking bad ones. The core insight is that tiny, consistent improvements compound into remarkable results over time. Here are 10 steps to transform your life using atomic habits: 1. Make it obvious: Use implementation intentions and habit stacking to trigger desired behaviours. 2. Make it attractive: Pair habits you want to build with things you enjoy. 3. Make it easy: Reduce friction fo
Shounak Itraj
4 days ago · 1 min read
10 Key Takeaways from The Psychology of Money by Morgan Housel
Morgan Housel's The Psychology of Money is one of the most insightful books on personal finance in recent years. Rather than focusing on technical investing strategies, Housel explores the psychological and behavioural dimensions of financial decision-making. Here are the 10 key takeaways: 1. No one is crazy: Everyone's financial decisions make sense given their unique experiences and context. 2. Luck and risk: Both play a massive role in financial outcomes — more than we ty
Shounak Itraj
4 days ago · 1 min read
Unveiling the Blueprint: A Journey Through Leadership Principles
This blog series explores foundational leadership principles drawn from military doctrine, management science, and real-world experience in high-stakes security engineering environments. Effective leaders in the modern business landscape must navigate constant uncertainty, rapid technological change, and complex team dynamics. The principles explored here — from mission clarity to decentralised command — offer a timeless framework applicable whether you lead a product securit
Shounak Itraj
4 days ago · 1 min read