Improving Your Third-Party Risk Management Program
Background Third-party risk management (TPRM) has its challenges. It is a relatively new area that has been developing rapidly, but many programs face significant issues as their companies grow. TPRM rarely scales linearly with the business or the number of applications in use. There are no easy fixes, but you can make steady improvements. I will share some practices I have used to improve programs over time, which you can take away and adapt to your situation....
A Beginner's Guide to Third-Party Risk Management
Summary In this blog post, I’ll go into the basics of third-party risk management, what the challenges are, and give you an overview of what an average Third-Party Risk Management (TPRM) program looks like. This is designed primarily for people new to the industry up to the mid-level, but there might be a few points valid for seniors with mature programs too. Background In recent years, TPRM has become a growing chunk of work for cyber security teams....
8 Common Zero Trust Misconfigurations
I’ve seen a lot of zero trust setups, from off-the-shelf vendor tools to complex custom-built solutions. I’ve found that many of them share the same problems, and below I’ve listed the 8 most common ones I see. These usually stem from the design phase, so the earlier you catch them the better! Admittedly some are those gnarly enterprise security problems which require a culture change and effort shift, especially number 8, as increasing manual workloads is not usually the top priority....
Building a Corporate Security Program From The Ground Up
Introduction I’ve seen a few blog posts lately about building corporate security, but they are always… well… so corporate. They are always viewed through the lens of extreme risk, but the reality is that most places are not banks or government agencies. The examples given often lock things down to the point where manual work is required for every request, which is unrealistic in most public companies. You can (and should) try to achieve your security goals while impacting your employee experience as little as possible in the process....
Phishing 2077: Zero Trust Edition
You wake up, alarm blaring. Your AI assistant notifies you there’s been another netrunner attack on the company. You chug down your synthesized meal replacement drink and hurriedly rush out the door; “hopefully the maglev isn’t delayed again,” you think to yourself. You scan yourself into the office with facial recognition and check your metrics for security incidents; you realize you’ve gone below your allowed security KPIs this month and hope they don’t dock your pay again....
Landing Your First Role - A Guide for Cybersecurity Graduates
Background This is written for all the new folks coming into the industry, whether you’re just starting or finished university recently. My goal here is to provide some context on what the situation in the market is and give you some tips to help land your first role. I’ve been a hiring manager for over ten years, the last six of which have been in big tech, with the time before that primarily in the government and defence sectors....

What Is Client Platform Engineering?
What is Client Platform Engineering? One of the growing ideas in tech is the idea of a “Client Platform Engineering” (CPE) team. I looked around and to my surprise I couldn’t find much in the way of content for what these teams do. I managed the Client Platform Engineering team at Shopify and worked closely with our team in Atlassian when I was leading the enterprise security team there so I figured I would attempt to demystify the team and what they do....
How Atlassian Built Zero Trust - Part 1
Background Update: This blog was posted back in 2021 on my previous blog and was based on a 2020 talk I did. In migrating to a new platform I’ve gone through and applied a few updates for 2022 mostly focusing on new features available on the market and upcoming changes such as WebAuthN improvements with passwordless. I spent the last few years building out a Zero Trust architecture as the Head of Corporate Security in Atlassian and I figured it’s time to write a blog going into some of the design decisions we made and how we implemented the changes at enterprise scale....
New Blog
Quick Update I’ve been occasionally posting on various platforms for a while and I figured I’d finally spin up a dedicated blog. I’ll likely leave other content elsewhere for now, but I might migrate a few posts I think are worthwhile; I’ll clean them up and post 2022 versions of them to make sure it’s accurate. What Am I Using? GitHub Pages - It’s decent, it’s free and it’s easy to use. Blogging Platform - Hugo, for reasons below. Theme - Papermod, because it’s lightweight and the creator is a security engineer. Domains - Namecheap. Analytics - Google Analytics. Hugo vs Other Platforms I’ve been using Go on and off for a few years and I figured I need a side project that’ll make me stick with it rather than having to relearn everything again every 4-6 months....