Blog Tags Projects About

Latest

A Next.js blog by Mark Williams

Published on
27 June 2026
Trust but Verify: Why Identity Pros Shouldn't Outsource Their Judgment to NIST, ACSC, or GCHQ
Cybersec
Standards bodies like NIST, the ACSC, and GCHQ have dual offensive/defensive mandates and structural conflicts of interest. Use their guidance, but test it against your own threat model rather than deferring to authority.
Read more →
Published on
27 June 2026
Privileged Access Management Architecture (Part 2): Discovery & Current-State Assessment
PAM
Privileged Access Management (Part 2): Discovery & Current-State Assessment
Read more →
Published on
26 May 2026
Privileged Access Management Architecture (Part 1): Introduction & Capabilities
PAM
Privileged Access Management (Part 1): Introduction & Capabilities
Read more →
Published on
10 December 2025
SMS OTPs: Bad for Security, Architecture, Engineering, and Call Centres
ciam
SMS OTPs: Bad for Security, Architecture, Engineering, and Call Centres?
Read more →
Published on
4 May 2025
CIAM vs. Workforce IAM
ciam
Why are CIAM and Workforce IAM Completely Different?
Read more →