https://samaydlette.com Cybersecurity practitioner and author sharing insights on security, compliance automation, and philosophy. en-us Mon, 04 May 2026 00:00:00 +0000 https://samaydlette.com/pages/article-27.html https://samaydlette.com/pages/article-27.html Mon, 04 May 2026 00:00:00 +0000 FedRAMP 20x 20x bets that automated KSI validation makes inventory questions answerable without a separate inventory deliverable. That bet only pays off if KSIs themselves carry standardized component references. Here's what that could look like. https://samaydlette.com/pages/article-26.html https://samaydlette.com/pages/article-26.html Mon, 23 Mar 2026 00:00:00 +0000 FedRAMP 20x Agentic systems can easily become simulacra. Without governance anchored in genuine human intent, we get organizations that are perfectly, continuously, autonomously convinced they're secure... until reality proves otherwise. https://samaydlette.com/pages/article-25.html https://samaydlette.com/pages/article-25.html Thu, 05 Mar 2026 00:00:00 +0000 FedRAMP 20x FedRAMP 20x isn't an overhaul of compliance. It is an extension of engineering best practices into compliance. In other words, compliance is now a function of Site Reliability Engineering. https://samaydlette.com/pages/article-24.html https://samaydlette.com/pages/article-24.html Wed, 11 Feb 2026 00:00:00 +0000 self-reflection Attempting to capture what writing really means to me. https://samaydlette.com/pages/article-23.html https://samaydlette.com/pages/article-23.html Sun, 08 Feb 2026 00:00:00 +0000 cybersec_strategy The mathematics of thresholds maps directly onto cybersecurity. Dynamical systems theory provides the vocabulary to describe how security operations actually works, and how to measure whether it's working. https://samaydlette.com/pages/article-22.html https://samaydlette.com/pages/article-22.html Tue, 13 Jan 2026 00:00:00 +0000 FedRAMP 20x Systems that optimize on engagement diverge against trust. Exploring the security risks of engagement-optimization in generative AI platforms used by government. https://samaydlette.com/pages/article-21.html https://samaydlette.com/pages/article-21.html Thu, 18 Dec 2025 00:00:00 +0000 FedRAMP 20x How public and private sector organizations with different incentive structures can converge on shared security goals through measurable trust. https://samaydlette.com/pages/article-20.html https://samaydlette.com/pages/article-20.html Thu, 11 Dec 2025 00:00:00 +0000 compliance_automation How a shift in perspective opens up automated validation and reporting, even for "non-technical" controls, and why this matters for modern compliance. https://samaydlette.com/pages/article-19.html https://samaydlette.com/pages/article-19.html Thu, 06 Nov 2025 00:00:00 +0000 risk_assessment What if you could assess risk across any Cloud Service Provider in 15 minutes with nothing but a laptop, and repeat it continuously? https://samaydlette.com/pages/article-18.html https://samaydlette.com/pages/article-18.html Wed, 22 Oct 2025 00:00:00 +0000 Cybersecurity There are many great cybersecurity tools on the market, but buying good tools won't automatically give you good security. Just as you can't buy a hammer and expect it to build a house, tools need capable operators in order for them to be effective. https://samaydlette.com/pages/article-17.html https://samaydlette.com/pages/article-17.html Wed, 08 Oct 2025 00:00:00 +0000 FedRAMP 20x From ancient Greek navigators to predictive security: how feedback loops and self-adaptation are transforming government compliance. https://samaydlette.com/pages/article-16.html https://samaydlette.com/pages/article-16.html Thu, 11 Sep 2025 00:00:00 +0000 military_values A reflection on military service, integrity, and the implications of political decisions affecting those who have served. https://samaydlette.com/pages/article-15.html https://samaydlette.com/pages/article-15.html Fri, 29 Aug 2025 00:00:00 +0000 intelligence_systems It's important that we maintain access to fact-based, diverse perspectives on global and local issues that affect us. I've created an app that curates information from a wide range of reputable sources and creates custom daily reporting for me on events and trends that I care about. https://samaydlette.com/pages/article-14.html https://samaydlette.com/pages/article-14.html Mon, 18 Aug 2025 00:00:00 +0000 ai_vulnerability_management How artificial intelligence transforms vulnerability management from static data points into dynamic, context-aware intelligence that dramatically improves both accuracy and operational efficiency. https://samaydlette.com/pages/article-13.html https://samaydlette.com/pages/article-13.html Fri, 15 Aug 2025 00:00:00 +0000 vulnerability_management CVEs get a lot of attention, but they are at the tip of a pyramid when it comes to vulnerability management. This article contextualizes CVE findings to show teams how to build a solid foundation for effective vulnerability management. https://samaydlette.com/pages/article-12.html https://samaydlette.com/pages/article-12.html Mon, 04 Aug 2025 00:00:00 +0000 digital_transformation A new type of engineer is emerging - the "transformation engineer." Understanding and empowering them may be crucial for competitive advantage in the tumultuous times ahead. https://samaydlette.com/pages/article-11.html https://samaydlette.com/pages/article-11.html Fri, 18 Jul 2025 00:00:00 +0000 compliance_automation Why most compliance automation fails at the engineering reality check, and how to build validation that actually works using unit and function tests. https://samaydlette.com/pages/article-10.html https://samaydlette.com/pages/article-10.html Tue, 27 May 2025 00:00:00 +0000 opa_policy How Open Policy Agent (OPA) transforms compliance from a cost center into a competitive advantage for cloud service providers. https://samaydlette.com/pages/article-9.html https://samaydlette.com/pages/article-9.html Wed, 14 May 2025 00:00:00 +0000 sbom Discover how Software Bills of Materials (SBOMs) are transforming cloud security and compliance practices. https://samaydlette.com/pages/article-8.html https://samaydlette.com/pages/article-8.html Mon, 28 Apr 2025 00:00:00 +0000 devsecops Exploring why hardened components in your CI/CD pipeline are essential for security, from DIY approaches to vendor solutions. https://samaydlette.com/pages/article-7.html https://samaydlette.com/pages/article-7.html Fri, 18 Apr 2025 00:00:00 +0000 cybersec_strategy Exploring how complexity itself has emerged as a meta-risk that overshadows conventional cybersecurity threats. https://samaydlette.com/pages/article-6.html https://samaydlette.com/pages/article-6.html Thu, 10 Apr 2025 00:00:00 +0000 container_security Learn how organizations can define and track ephemeral technology components in containerized environments. https://samaydlette.com/pages/article-5.html https://samaydlette.com/pages/article-5.html Tue, 25 Mar 2025 00:00:00 +0000 cybersecurity Learn how to ethically assess the thoroughness of public asset inventory practices using free, open-source tools like Nmap, Masscan, Amass, and Shodan. https://samaydlette.com/pages/article-4.html https://samaydlette.com/pages/article-4.html Thu, 13 Mar 2025 00:00:00 +0000 artificial_intelligence Learn how to unlock the power of AI on your ordinary laptop - no subscriptions, no privacy concerns, and no fancy hardware required. https://samaydlette.com/pages/article-3.html https://samaydlette.com/pages/article-3.html Tue, 25 Feb 2025 00:00:00 +0000 cloud_security How to implement a comprehensive vulnerability management workflow in AWS for under $50,000 https://samaydlette.com/pages/article-2.html https://samaydlette.com/pages/article-2.html Sat, 01 Feb 2025 00:00:00 +0000 compliance_as_code How to implement compliance-as-code in AWS using GitOps and automated security control validation https://samaydlette.com/pages/article-1.html https://samaydlette.com/pages/article-1.html Sun, 19 Jan 2025 00:00:00 +0000 vpn_analysis Going down the rabbit hole while attempting to uninstall ProtonVPN - persistence mechanisms and security implications