https://calebsima.com/writing Essays on cybersecurity, AI, building companies, and investing. Also published as the Glitch newsletter. en-us Fri, 12 Jun 2026 15:01:34 GMT https://calebsima.com/writing/least-privilege-was-built-for-humans https://calebsima.com/writing/least-privilege-was-built-for-humans Fri, 12 Jun 2026 12:00:00 GMT AI & Security Least privilege assumes you're a person: a stable role, predictable tasks, quarterly reviews. Agents break every assumption, and the missing authorization signal is intent. The practical place to start is using agents to map your humans' privileges first. https://calebsima.com/writing/the-agent-is-commoditized https://calebsima.com/writing/the-agent-is-commoditized Mon, 18 May 2026 12:00:00 GMT AI & Security AI agents moved through three phases since early 2024. We're now in Phase 3, where the value isn't the agent — it's the harness around it. Whoever owns the harness owns the feedback loop. https://calebsima.com/writing/the-brain-becomes-portable https://calebsima.com/writing/the-brain-becomes-portable Mon, 30 Mar 2026 12:00:00 GMT AI & Security AI makes intelligence portable. For the first time, the enterprise can supply its own brain. You don't need the vendor to be smart anymore — and that changes the entire industry. https://calebsima.com/writing/the-era-of-the-zombie-tool https://calebsima.com/writing/the-era-of-the-zombie-tool Tue, 02 Dec 2025 12:00:00 GMT Security Leadership Why 'Buy vs. Build' is more critical than ever. Your 'free' internal tool is about to become your most expensive liability. https://calebsima.com/writing/a-cisos-guide-to-vetting-ai-security-vendors https://calebsima.com/writing/a-cisos-guide-to-vetting-ai-security-vendors Fri, 29 Aug 2025 12:00:00 GMT AI & Security A practical, no-nonsense framework for vetting AI vendors — built with Edward Wu from Dropzone AI. Three pillars: The Problem, The Proof, and The Practicality. https://calebsima.com/writing/intent-over-tactics-crown-jewels-strategy https://calebsima.com/writing/intent-over-tactics-crown-jewels-strategy Wed, 30 Jul 2025 12:00:00 GMT Security Leadership A practical guide to protecting your most critical assets when budget, head-count, and political capital are tight. https://calebsima.com/writing/ai-security-the-next-frontier https://calebsima.com/writing/ai-security-the-next-frontier Fri, 27 Dec 2024 12:00:00 GMT AI & Security After 25 years in security, nothing compares to what AI is about to do to our field. Most people are asking the wrong question. https://calebsima.com/writing/why-i-still-build https://calebsima.com/writing/why-i-still-build Sat, 30 Nov 2024 12:00:00 GMT Career The question I get asked most: "Why are you still doing this?" Building is who I am. It's not what I do — it's what I am. https://calebsima.com/writing/my-security-investment-thesis-for-2025 https://calebsima.com/writing/my-security-investment-thesis-for-2025 Tue, 19 Nov 2024 12:00:00 GMT Investing Every few years, the security landscape shifts fundamentally. We went from network security to endpoint security to cloud security. Each shift created massive companies. https://calebsima.com/writing/mythbusting-ai-security-incidents https://calebsima.com/writing/mythbusting-ai-security-incidents Tue, 29 Oct 2024 12:00:00 GMT AI & Security Our analysis of 243 documented AI security incidents reveals a surprising truth: most of these aren't AI-specific attacks at all. https://calebsima.com/writing/building-comprehensive-ai-llm-ml-ops-marketecture https://calebsima.com/writing/building-comprehensive-ai-llm-ml-ops-marketecture Tue, 01 Oct 2024 12:00:00 GMT AI & Security A comprehensive architecture framework for understanding the AI/ML operations pipeline — from model training through deployment — and the security considerations at each layer. https://calebsima.com/writing/predicting-ais-impact-on-security https://calebsima.com/writing/predicting-ais-impact-on-security Mon, 17 Jun 2024 12:00:00 GMT AI & Security From BSides and RVAsec keynotes — a framework for understanding AI's real impact on cybersecurity through the lenses of coverage, context, and communication. https://calebsima.com/writing/in-a-genai-world-only-identity-matters https://calebsima.com/writing/in-a-genai-world-only-identity-matters Thu, 08 Feb 2024 12:00:00 GMT AI & Security As GenAI enables anyone to generate sophisticated attacks, traditional detection fails. The only reliable security signal left is identity — who is doing what, and should they be? https://calebsima.com/writing/personal-privacy-security-for-cisos https://calebsima.com/writing/personal-privacy-security-for-cisos Tue, 22 Aug 2023 12:00:00 GMT Privacy After years as a CISO dealing with threats, I decided to lock down my own personal security and privacy. Here's my framework for personal digital protection — from disappearing online to securing your home network. https://calebsima.com/writing/demystifying-llms-and-threats https://calebsima.com/writing/demystifying-llms-and-threats Wed, 16 Aug 2023 12:00:00 GMT AI & Security A comprehensive primer on how Large Language Models actually work under the hood, and the real security threats they introduce — from prompt injection to training data poisoning. https://calebsima.com/writing/from-founder-to-ciso-my-unconventional-journey https://calebsima.com/writing/from-founder-to-ciso-my-unconventional-journey Sun, 23 Apr 2023 12:00:00 GMT Career After departing as CSO of Robinhood, I reflect on my 5-year experiment going from cybersecurity founder to CISO across three very different companies — and what comes next. https://calebsima.com/writing/what-i-learned-at-capital-one https://calebsima.com/writing/what-i-learned-at-capital-one Thu, 01 Aug 2019 12:00:00 GMT Career Three hard-won lessons from my time at Capital One — security is genuinely hard, fundamentals beat fancy tools, and good engineering is the foundation of good security. https://calebsima.com/writing/how-we-got-started-automating-software-security https://calebsima.com/writing/how-we-got-started-automating-software-security Tue, 01 May 2018 12:00:00 GMT Engineering How we built a security code orchestration platform at Capital One to automate software security scanning across thousands of applications and hundreds of development teams. https://calebsima.com/writing/how-i-protected-my-home-network https://calebsima.com/writing/how-i-protected-my-home-network Sun, 01 Apr 2018 12:00:00 GMT Privacy A practical guide to home network security using Thinkst Canary tokens and Fingbox — because the cybersecurity professional's home network should be as monitored as the enterprise.