Gene's Field Notes

Wired to break things. Built to secure them.

Cloud security and AI governance for the environments where failure isn't an option. No vendor spin, just field notes from someone still doing the work.

Latest

The Authorization Layer AI Agents Actually Need

ai-security mcp aws

The Authorization Layer AI Agents Actually Need

AI agents inherit developer credentials by default. Here is how to give agents a separate identity, enforce a permission ceiling with Cedar and Amazon Verified Permissions, and make the ceiling unbreakable even by admins.

May 27, 2026 · 12 min read

Serverless Doesn't Mean Low Blast Radius

Serverless Doesn't Mean Low Blast Radius

May 20, 2026

Your Developers Are Already Running MCP Servers. Here's the Control Gap.

Your Developers Are Already Running MCP Servers. Here's the Control Gap.

May 13, 2026

MCP Servers Are a Shadow IT Problem You Don't Know You Have Yet

MCP Servers Are a Shadow IT Problem You Don't Know You Have Yet

May 6, 2026

How Do You Know If You're Being Targeted Right Now?

How Do You Know If You're Being Targeted Right Now?

April 29, 2026

More Posts

60 Days to Tell You. 60 Minutes to Sell Your Data.

security data-privacy hipaa

60 Days to Tell You. 60 Minutes to Sell Your Data.

April 22, 2026 · 8 min read

How Credential Stuffing Actually Works Now

security data-privacy

How Credential Stuffing Actually Works Now

April 19, 2026 · 7 min read

How MFA Gets Bypassed (And What Actually Protects You)

How MFA Gets Bypassed (And What Actually Protects You)

April 18, 2026 · 8 min read

What to Do After a Data Breach (A Practitioner's Runbook)

security data-privacy identity-theft

What to Do After a Data Breach (A Practitioner's Runbook)

April 16, 2026 · 5 min read

Navigating Security in the Generative AI Era

security ai generative-ai

Navigating Security in the Generative AI Era

November 15, 2025 · 6 min read

What Motivates Attackers to Come After You?

security data-privacy

What Motivates Attackers to Come After You?

November 1, 2022 · 5 min read

Web Account Security Hygiene: What I Actually Do (2026 Update)

security data-privacy

Web Account Security Hygiene: What I Actually Do (2026 Update)

November 1, 2022 · 7 min read

How to Protect Yourself From Credential Stuffing Attacks

security data-privacy

How to Protect Yourself From Credential Stuffing Attacks

November 1, 2022 · 8 min read

Creating an Incident Response Plan

security data-privacy

Creating an Incident Response Plan

November 1, 2022 · 6 min read