Safeguard
Topic

Security Strategy

In-depth guides and analysis on security strategy from the Safeguard engineering team.

13 articles

Security Strategy

End-of-Year Security Planning: Setting Up Next Year for Success

The end of the year is when security programs are made or broken. Here is how to conduct an effective annual security review and build a plan that will actually be executed.

Dec 28, 20247 min read
Security Strategy

Security Team Scaling Strategies: Growing Without Burning Out

Your security team is probably understaffed. Here is how to scale security coverage without proportionally scaling headcount.

Jun 8, 20244 min read
Security Strategy

Building vs Buying Security Tools: Making the Right Call

Every security team faces the build-vs-buy decision. Here is a framework for deciding when to build custom tools and when to buy off the shelf.

Feb 8, 20244 min read
Security Strategy

How to Write a Security Advisory That Actually Helps

Most security advisories are either too vague to be actionable or too detailed to be safe. Here is how to write advisories that help defenders without enabling attackers.

Dec 28, 20236 min read
Security Strategy

CISO Quarterly Reporting Template: What the Board Actually Needs to See

Most CISO board reports contain too many technical details and not enough business context. Here is a reporting template that communicates security posture in terms boards understand.

Oct 20, 20237 min read
Security Strategy

Open Source vs Commercial SCA Tools: An Honest Comparison

Free SCA tools have gotten remarkably good. Commercial tools still offer advantages. Here is when each makes sense for your organization.

Oct 8, 20234 min read
Security Strategy

Changelog and Security Disclosure Best Practices

How you communicate security changes in your changelog affects both your users' safety and your project's trustworthiness. Here is how to get it right.

Aug 28, 20236 min read
Security Strategy

Security Maturity Benchmarking: How to Measure Against Your Peers

Security maturity models provide structure, but benchmarking against peers provides context. Here is how to build a meaningful security maturity benchmark without falling into common traps.

Jun 15, 20236 min read
Security Strategy

Vendor Lock-In in Security Tooling: The Hidden Cost of Integration

Deep integration with a security vendor creates efficiency but also dependency. Here is how to evaluate lock-in risk in your security tooling decisions.

Jun 8, 20234 min read
Security Strategy

Cybersecurity Budget Planning: A Practical Guide for Security Leaders

Budget season is every security leader's least favorite time. Here is how to build a cybersecurity budget that gets approved and actually protects the organization.

Feb 8, 20234 min read
Security Strategy

Vendor Concentration Risk in Software: When One Vendor Failure Breaks Everything

Depending on too few vendors creates systemic risk. The CrowdStrike outage proved it. Here is how to assess and manage vendor concentration in your software stack.

Jan 8, 20234 min read
Security Strategy

Security ROI Calculation Methods That Actually Work

Calculating security ROI is notoriously difficult because you are measuring things that did not happen. Here are methods that produce credible numbers.

Oct 8, 20225 min read
Security Strategy — Supply Chain Security Blog | Safeguard