About

I’ve been working in the security field for over 25 years across nearly every area. In that time, I’ve seen how security programs often break down when they meet real-world conditions. The problem usually comes down to a missing assumption: no matter what we do, compromise is always possible. What the architecture promises, what the controls report, and what we believe to be true often diverge from what is actually happening on the ground.

Survivability Engineering focuses on building systems that continue to function when things go wrong. This blog explores how to design with failure in mind, measure true resilience, and close the gap between what your security program claims and how it performs under stress. The goal is not to prevent every attack, but to understand how long systems remain in a failed state and to continuously reduce that time.

Brought to you by the Security Brutalist.