I'm a cybersecurity architect, instructor, and thought leader with over 20 years of combined experience helping organizations strengthen their security posture across government, financial, and enterprise sectors. Known for bridging the gap between technical implementation and executive decision-making, I bring clarity and strategy to an often-complex security landscape.
My mission is to empower organizations and individuals to make risk-informed, data-driven security decisions.
| Website | https://survivaltrait.com/ |
| https://www.linkedin.com/in/jennings-matthew/ |
We often talk about supply chain risk like it only means foreign hardware, malware, or compromised vendors.
But it also includes ordinary dependencies.
SDKs. Hosted scripts. Embedded web content. Push vendors. Analytics platforms. Remote code paths.
When government ships an app, those choices carry more weight because public trust is attached to them.
#CyberSecurity #SupplyChainSecurity #AppSec #SecurityArchitecture
A government app should not be judged by the same privacy and dependency standard as a shopping app.
Citizens are not test users.
When public communication is delivered through software, the public inherits that software’s trust assumptions and telemetry model whether they understand them or not.
Official should mean more restraint, not less.
We warn people not to trust apps that ask for too much, reveal too little, and depend on systems they do not control.
That lesson should not disappear because the icon carries an official seal.
I wrote a new piece on why government apps should be held to a higher standard than ordinary commercial software, because citizens are not test users and public trust is not a product-growth strategy.
Triage is what keeps an incident from becoming five incidents.
It’s how professionals prevent spread and protect what matters most.
Do you have shared triage language for systems during incidents?
#IncidentResponse #CyberSecurity #Leadership #Resilience #RiskManagement
Part 2 is live: The Field Manual. Templates and pocket cards you can copy and run.
Link: https://theisarchitect.substack.com/p/forged-by-fire-part-2-the-field-manual
#IncidentResponse #CyberSecurity #RiskManagement #Resilience
A one-page incident briefing prevents the worst failure mode: everyone running in different directions.
Name the incident, declare command, state objectives, set the next update time.
Do you start incidents with a real briefing?
#IncidentResponse #CyberSecurity #Leadership #Resilience #RiskManagement
Part 2 is the gear: The Field Manual.
Pocket-card tools for cyber IR: incident briefing, Cyber LCES, containment menu, recovery sequencing, AAR template.
If you could add only one this quarter, what would it be?
#IncidentResponse #CyberSecurity #RiskManagement #Resilience
Field Note is live: “The New Insider Threat Is Authorized.”
Two risks, one theme: failures that are authorized but violate intent.
Auditability and safe override are not nice-to-haves anymore.
https://theisarchitect.substack.com/p/the-new-insider-threat-is-authorized?r=7cykfo
