Tech That MattRs

Category: Thought Leadership

  • Approved Tool, Expanding Agent: The Ownership Model That Works

    Approved Tool, Expanding Agent: The Ownership Model That Works

    Approved SaaS platforms keep gaining agentic capability. The original security review does not expand with them. This post covers the RACI model, re-review triggers, and anti-patterns that break accountability when trusted tools evolve, plus what NIST AI RMF and OWASP Agentic Top 10 say about why one-time approval was never…

  • Defending Against Modern Cyber Threats: A Day in the Life of Security Operations

    Defending Against Modern Cyber Threats: A Day in the Life of Security Operations

    Modern security incidents don’t fail in one place – they move. A phish becomes an identity problem. A third-party app becomes a data exposure problem. A zero-day becomes a privilege problem. This post follows a SecOps lead through five real attack scenarios and the process discipline that keeps operations standing.

  • The 90-Day Agent Identity Governance Plan

    The 90-Day Agent Identity Governance Plan

    AI agents are moving fast, but governance is not keeping up today. This practical 90-day plan shows how to bring agent identities under control with ownership, least privilege, data-aware boundaries, and lifecycle discipline before hidden access, unmanaged connectors, and pilot magic turn useful automation into the next preventable security incident.

  • Shadow Agents Are the New Shadow IT

    Shadow Agents Are the New Shadow IT

    Shadow agents are the new shadow IT. This blog explains how unsanctioned agents, hidden connectors, and delegated access create new security risk, and why inventory, ownership, boundaries, and review are the practical controls that keep pilot magic from turning into production debt.

  • Tech That MattRs: Field notes for people who have to operate the mess

    Tech That MattRs: Field notes for people who have to operate the mess

    A living content index of practical field notes on identity security, authorization, AI agent governance, non-human identities, SecOps, compliance, hybrid cloud, and technical PMM craft. Use the tracks to find what fits your situation, then apply it in production.

  • Use Device Groups to Automate Investigations in Microsoft Defender for Endpoint

    Use Device Groups to Automate Investigations in Microsoft Defender for Endpoint

    Back in 2019, I wrote about using machine groups in Microsoft Defender ATP to automatically resolve investigations on selected systems. The core idea was simple: not every endpoint should be handled the same way, and security teams need a way to apply different remediation behavior to different classes of machines.…

  • Hybrid CI/CD with Azure Stack

    Hybrid CI/CD with Azure Stack

    Hybrid CI/CD with Azure Stack allows development teams to build, test, and deploy applications across on-premises infrastructure and Microsoft Azure using a consistent DevOps workflow. This guide explores how Azure Stack enables modern CI/CD pipelines, hybrid cloud development, and application delivery models that support both datacenter and cloud environments.

  • How To Differentiate with Microsoft’s Azure Stack

    How To Differentiate with Microsoft’s Azure Stack

    Azure Stack brings the Azure cloud model into your own datacenter, enabling hybrid cloud architecture where applications can run consistently across on-premises and public Azure. This post explores how Azure Stack helps organizations modernize infrastructure, meet regulatory and latency requirements, and differentiate by delivering Azure services locally while maintaining a…