This Blog
This is a long-form blog on all of the problems I think are (and aren't) the key problems we're facing in security. I want to foster discussion far more than I think my words are gold that everyone should listen to. Please give me lots of feedback! I'm doing this here (on Substack) because I agree with James Mickens in my dislike of Twitter.
This isn't primarily for novel, technical, nuts-and-bolts problems, since there are plenty of fantastic resources for those that you should subscribe to. I'm focused on organizational problems: what we in the industry are and are not prioritizing. I will try to be educational regarding concepts that are central to the post, so you should be able to learn from my blog if you're newer to security, and should not need to know a thousand acronyms just to read it. I will probably complain a lot about security vendors.
All views expressed are my own and don’t represent the views of whatever company I happen to be working for at the time of reading.
Me
I'm Jonathan (Jon) Price, currently leading the Security Operations team at Grafana Labs, an open-source-focused software observability company. In the past, I've run security, privacy, compliance, and IT at a ~250-person SaaS startup, AppSec at a bank subsidiary, security engineering at a FinTech company, and advanced research at (Raytheon) BBN Technologies.
I live in the Boston area, run a bit, read a bunch, and go to a bunch of concerts. You can see additional information on my LinkedIn. You can see what I’m reading at Goodreads.
