Writing
Opinions, analysis, and insights from real engagements. No vendor fluff.
All Posts
Why I Get Domain Admin in Every Penetration Test
The uncomfortable truth about AD security that vendors won't tell you.
The Active Directory Security Mistakes I See in Every Slovenian Company
After 50+ penetration tests in Slovenia, these are the AD misconfigurations that give me Domain Admin access every single time.
Building a Security Culture That Actually Works
Technical controls fail without human awareness. Build culture that scales.
Why Hackers Choose Their Targets (It Might Be You)
Understanding target selection helps you assess your own risk.
Assessing Your Security Maturity: Where Do You Stand?
A framework for understanding your organization's security posture.
Vulnerability vs Risk: What Decision Makers Need to Know
Not every vulnerability is a risk. Learn to prioritize what matters.
How to Buy Security Testing: A Guide for Decision Makers
What to look for when purchasing penetration testing services.
How Attackers Think: The Mindset Behind Breaches
Understanding attacker methodology helps defenders build better security.
Red Team vs Penetration Test: Which Do You Need?
Understanding the key differences between red team engagements and penetration tests.
What Penetration Testers Actually Do (And Why It Matters)
A clear explanation of penetration testing methodology, deliverables, and business value.
Explore More
Read my expertise pages, research, or prepare for a pentest.