Security integration · Founder strategy · Operator perspective

How the pieces fit —
and what to do when they don't.

The hardest problems in security aren't technical. I think through what that means for the people building programs and the founders building the companies behind them.

Follow the thinking
Former SVP, Palo Alto Networks · Former Accenture Security Practice Lead
CCO, Staris AI · Board Member, SDG · CEO Advisor, SRA · Founder, Passarel

What's coming

Eight pieces in progress

Five of these map to the bets every modern security program needs to be making this year, named at passarel.com. The rest are operator notes on judgment, careers, and timing. Some are solo analysis. Several are co-authored with practitioners I've worked alongside.

01 Analysis

The Discipline Gap

Organizations fail at fundamentals not because they lack tools, but because the operating discipline to make those tools function as one system was never built. AI just removed whatever friction was left.

Bet 03 · Control efficacy · Board Read →
02 Guest conversation

When to Sell

A conversation on timing, GTM strategy, and what CISOs are actually asking founders right now. Plus: the LA and OC tech scene through the lens of a VC who's watching it closely.

Alok, First Rays VC
Operator notes · Strategy & markets Coming soon
03 Analysis

Your Hiring Workflow Is a Security Workflow

DPRK actors don't hack their way in. They apply. The gap they exploit isn't a technology problem — it's that nobody owns the chain from application to provisioning.

Bet 01 · Identity Read →
04 Analysis

Your AI Agents Have No Badge, No Boss, and No Audit Trail

Every agent your business deploys makes decisions, calls tools, and delegates to other agents. Your IAM governs humans. Your network governs devices. Nothing in your stack governs what they do at runtime, and the gap is widening faster than any prior security category.

Bet 05 · Agent runtime governance Coming soon
05 Analysis

AI Can Break Your Software. Now What?

Offensive AI has compressed the timeline on every assumption about software security. This is what a realistic response looks like — not what a vendor would tell you.

Bet 02 · Offense at AI pace Coming soon
06 Co-authored

When to Stay

The discipline question applied to careers. When staying in an imperfect role is a smart investment in growth, credibility, or timing — and when it's something else entirely.

Ioana Bazavan, CEO of Seaswell
Operator notes · Leadership & careers Coming soon
07 Analysis

Genuine Opportunity or Noise

How to evaluate unusually persistent inbound — from startups, recruiters, or investors — when the signal is unclear. The framework maps directly onto how you should evaluate early-stage vendors.

Operator notes · Judgment Coming soon
08 Co-authored

Who Actually Owns Security Accountability?

The CISO is accountable. The board is responsible. The asset owners are neither. A conversation on what real security governance looks like — and why the current model keeps failing.

Bob Zukis, Digital Directors Network
Bet 03 · Governance · Board Coming soon

Work with me

Passarel

If you're a security leader trying to figure out which bets your program needs to be making this year, and which partners can deliver them, that's what Passarel is for. Five bets, one accountable owner, end to end.

connect@passarel.com →

Staris AI

If your team is still relying on point-in-time pentesting, there's a better model. Staris delivers continuous attack path validation — built for security teams that want to stay ahead, not just catch up.

staris.tech/contact →