What this Grid covers
ThreatGrid is where I write about defensive engineering as it actually gets practiced — not as a marketing diagram. The scope spans Zero Trust architecture, identity as the new perimeter, EDR and XDR tuning, vulnerability management under real-world constraints, SOC operations, detection engineering, and incident response. If a control only works in a vendor slide deck, it doesn't belong here.
The recurring themes are prioritization and honesty. Security teams are drowning in alerts, CVEs, and frameworks. The work that actually moves the needle is disciplined triage: knowing which vulnerabilities are being exploited in the wild right now (CISA's Known Exploited Vulnerabilities catalog, KEV, is the obvious starting point), which controls map to the threat models your organization actually faces, and which "best practices" are safe to deprioritize. Writing here tends to be opinionated about that tradeoff.
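As an added illustration of that triage (example code written for this page, not a ThreatGrid post or any official CISA tooling), the script below ranks a vulnerability-scanner export against an excerpt of the KEV feed. The field names (`cveID`, `dueDate`, `knownRansomwareCampaignUse`) are the ones the real feed uses; every CVE ID, host name and date is constructed, and the ordering policy (KEV first, then known ransomware use, then KEV due date, then internet exposure, then CVSS) is an assumption you should replace with your own.

```python
"""Rank scanner findings against the CISA KEV catalog.

Added example, not ThreatGrid's own code. The KEV JSON layout matches the
public feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
but the entries, findings and dates below are constructed for the demo.
"""
import json
from datetime import date

# Constructed KEV excerpt: real field names, fictional CVE IDs and dates.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "dateAdded": "2099-01-10",
         "dueDate": "2099-01-31", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2099-0002", "dateAdded": "2099-02-01",
         "dueDate": "2099-02-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner export: one finding per (CVE, asset).
FINDINGS = [
    {"cve": "CVE-2099-0003", "cvss": 9.8, "asset": "dev-jenkins-01", "exposed": False},
    {"cve": "CVE-2099-0002", "cvss": 6.5, "asset": "vpn-gw-01", "exposed": True},
    {"cve": "CVE-2099-0001", "cvss": 7.2, "asset": "fileshare-02", "exposed": False},
    {"cve": "CVE-2099-0004", "cvss": 5.3, "asset": "partner-portal", "exposed": True},
]

# Fixed "today" so the example is reproducible (assumption for the demo).
TODAY = date(2099, 2, 10)


def load_kev(raw):
    """Index KEV entries by CVE ID, parsing the ISO due dates once."""
    catalog = {}
    for entry in json.loads(raw)["vulnerabilities"]:
        catalog[entry["cveID"]] = {
            "due": date.fromisoformat(entry["dueDate"]),
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        }
    return catalog


def sort_key(finding, kev):
    """Tuple that sorts ascending. Policy (an assumption, not a standard):
    KEV entries before everything else; inside KEV, known ransomware use
    first, then the earliest KEV due date; outside KEV, internet-exposed
    assets first, then CVSS descending."""
    entry = kev.get(finding["cve"])
    if entry is not None:
        return (0, 0 if entry["ransomware"] else 1, entry["due"].toordinal(), -finding["cvss"])
    return (1, 0 if finding["exposed"] else 1, -finding["cvss"])


def prioritize(findings, kev, today):
    """Return findings in patch order, annotated with KEV status and SLA info."""
    ranked = []
    for f in sorted(findings, key=lambda f: sort_key(f, kev)):
        entry = kev.get(f["cve"])
        row = dict(f)
        row["kev"] = entry is not None
        row["overdue"] = entry is not None and entry["due"] < today
        row["days_to_due"] = (entry["due"] - today).days if entry else None
        ranked.append(row)
    return ranked


def patch_backlog():
    """Run the demo data through the ranking and return the ordered backlog."""
    return prioritize(FINDINGS, load_kev(KEV_JSON), TODAY)


if __name__ == "__main__":
    for row in patch_backlog():
        flag = "KEV" if row["kev"] else "   "
        sla = "OVERDUE" if row["overdue"] else (
            f"due in {row['days_to_due']}d" if row["kev"] else "no federal deadline")
        print(f"{flag} {row['cve']} cvss={row['cvss']:<4} {row['asset']:<16} {sla}")
```

Run against the real feed by replacing `KEV_JSON` with the downloaded file and `FINDINGS` with your scanner's export; the point of the `overdue` and `days_to_due` columns is that they turn the SLA conversation into a dated list rather than a CVSS argument.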
Expect breach post-mortems, architectural reviews, Zero Trust reality checks, patch-management philosophy, and occasional commentary on the vendor ecosystem. Written from the practitioner's chair, not the analyst's.
Posts in this Grid
The CISA KEV Catalog as a Prioritized Patch Backlog
Treating Known Exploited Vulnerabilities as the top of your patch queue — and what it does to SLA conversations.
Zero Trust Is Harder Than Vendors Admit
Where the model breaks down in real enterprises, and the honest sequencing of work required to get there.