AI is making commodity software nearly free to produce, exposing security vendors without real moats. Feature lists stopped being a reliable signal of which products will hold their position as commoditization sorts the market. If you were anxious about "SaaSpocalypse," here's a practical way to understand and handle it:

A seven-dimension rubric from Ben Vierck scores software products from 1 to 3 across each dimension. Three cybersecurity-specific dynamics raise scores for products with compounding defensibility. For example, an EDR platform with a shared data layer can score 20 out of 21 because its dimensions reinforce each other. Enterprise buyers generate telemetry that sharpens detection, which strengthens the compliance posture that attracts the next buyer.

Product managers and founders can apply the rubric to their own product, while buyers can apply it to their vendor shortlist. A low score names a dimension that needs investment, or a vendor likely to be bundled, absorbed, or replaced. Running the exercise honestly identifies the gaps worth examining.

https://zeltser.com/scoring-security-product-strategy

#cybersecurity #infosec #productmanagement #AI #securityleadership

Scoring Your Security Product Strategy in the AI Era

AI has made commodity software easy to produce, leaving traditional SaaS exposed. Applied to cybersecurity, a seven-dimension rubric scores security product strategies to help leaders identify weaknesses and strengths.

Lenny Zeltser

Now you can receive my blog posts via email. Go ahead and sign up: https://zeltser.com/newsletter

I've enjoyed writing more frequently and deeply than I have in recent years, and I'm glad to have more ways to get those articles in front of readers who want them.

All of my posts will continue to reside on my site, but I want to make it easy for people to read them in a way that works for them, whether on social media, in their RSS reader, or in their email inbox.

I decided to maintain my own website and newsletter platform rather than using services such as Medium and Substack so I can shape the reading experience and keep it free of paywalls and ads.

#infosec #cybersecurity #securityleadership

Lenny Zeltser's Newsletter

Subscribe to get new posts by email. Cybersecurity, mostly.

Lenny Zeltser

Nothing weakens a security culture faster than executive shortcut syndrome. 💡

#CyberSecurity #InformationSecurity #Infosec #Compliance #GRC #CyberRisk #CyberAwareness #SecurityLeadership #ISMS #CISO

We invest hours analyzing a security risk, and that effort makes us overvalue the recommendation. An executive who hasn't shared that analysis weighs the same risk differently, and they might be right.

https://zeltser.com/rejected-security-recommendations

#cybersecurity #securityleadership #CISO #infosec

When Executives Reject Your Security Recommendation

A rejected security recommendation feels personal, but it often reflects competing demands the security team doesn't fully see. Knowing how to act on that reality helps the CISO become someone the business trusts with its priorities.

Lenny Zeltser

As we automate more security work, stakeholders trust what they can see. Making them feel secure is as much our job as making them secure.

https://zeltser.com/importance-of-feeling-secure

#cybersecurity #infosec #securityleadership

The Importance of Feeling Secure

Security teams that focus only on being secure, without making protections visible, risk losing stakeholder confidence. Nobody trusts what they can't see, whether that's automated defenses, AI-driven tools, or competent but quiet leadership.

Lenny Zeltser

When DevOps overwhelmed security reviews, the same velocity let teams patch in minutes instead of waiting for quarterly releases. Vibe coding by non-developers is the next shift where that speed works in our favor.

https://zeltser.com/security-governance-vibe-coding

#cybersecurity #infosec #securityleadership #AI

Security Governance at the Speed of Vibe Coding

Employees who've never written code now build production apps using AI, without security review, dependency scanning, or enterprise oversight. The SaaS and DevOps transitions give security teams a starting governance approach for this.

Lenny Zeltser

🧠 Turn your team into threat hunters, one dice roll at a time 💥

🎲 DUNGEONS & DRAGONS: THE SECURITY POWER TOOL YOU DIDN'T KNOW YOU NEEDED - Klaus Agnoletti (@klausagnoletti) & Glen Sorensen 🛡️

Roleplaying isn't just for nerds, it's a proven method for building real security muscle. This talk reveals how structured tabletop roleplaying games unlock deeper learning, improve team cohesion, and turn abstract security concepts into lived experience. By simulating incident response, threat modeling, and zero-trust design through narrative-driven play, teams develop adaptive thinking, shared mental models, and faster decision-making under pressure.

Klaus Agnoletti https://www.linkedin.com/in/agnoletti/ is a freelance storytelling cyber security advisor, co-founder of BSides København, neurodiversity advocate, and architect of playful security transformation through narrative and gamification.

Glen Sorensen https://pretalx.com/bsidesluxembourg-2026/speaker/J3PRCC/ is a Solutions Engineer at DeleteMe, former vCISO, and incident master for HackBack Gaming. 20+ years in security engineering, GRC, and operations. Passionate about OSINT, AI-powered social engineering, and using tabletop games to train real-world response.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #GamifiedSecurity #CyberTraining #IncidentResponse #RolePlaying #SecurityLeadership #InfosecEducation #PlayToLearn

We adapted security governance to SaaS adoption and DevOps velocity. Vibe coding by non-developers is the next comparable shift, and those transitions give us a starting approach, even though the timeline is shorter.

https://zeltser.com/security-governance-vibe-coding

#cybersecurity #infosec #securityleadership #AI
