The FCC voted on November 20, 2025 to eliminate federal cybersecurity requirements for telecom carriers, removing mandatory risk management plans, certifications, and protections against unauthorized access. This change may increase variability and risk across the telecom ecosystem, but it could also give carriers more flexibility to adopt modern, adaptive security practices.

Attackers are targeting CI/CD pipelines and AI infrastructure, not just applications, and traditional assessments are blind to these threats. Here's a practical playbook for assessing DevOps and AI security with threat modeling, red teaming, and validation techniques.

AI and AIOps are revolutionizing DevOps by boosting speed, automation, and predictive insight, but they're also introducing new attack surfaces and security blind spots. This post breaks down the opportunities, risks, and what security teams must do to stay ahead.

This post introduces the evolving landscape of DevOps security in the age of AI, automation, and cloud-native infrastructure. It outlines why traditional security models fall short and previews a series focused on securing modern pipelines through architecture-driven assessments.

Offensive Security is a broad discipline. It spans vulnerability research, reverse engineering, red teaming, application security, and more but let’s just call it penetration testing for now. Lately, I’ve seen more people express frustration after receiving subpar results from their penetration test vendors. If you’ve been there, this post is for you.