Stone and wood arched doorway with glowing digital overlay showing a garden path and plants
Business

The Cheapest Way Into Your Business Isn’t Malware. It’s a Phone Call.

It’s 4:45 on a Friday.
Someone on your finance team gets a call.
The voice is calm, knows the CFO’s name, references a real invoice number, and just needs “one quick correction” on a wire transfer.
Ninety seconds later, the money is gone.

Nobody wrote a single line of malicious code to make that happen.

That’s not a scare story. It’s the new baseline. CrowdStrike found that 79% of detections in 2025 involved no malware at all — no virus, no exploit kit, nothing your antivirus was ever built to catch. The attacker just… logged in. Or called. Or asked nicely.

If you run a small or midsize business, 2026 is the year to stop thinking about cybersecurity as “did we install the right software” and start thinking about it as “can someone talk, click, or log their way into something they shouldn’t.”

Here’s what the data actually says, and what to do about it.

Continue reading
Standard
AI, webdev

Unlocking WhatsApp: Your Local Analytics Dashboard

A few months ago I wrote about building a local analytics dashboard for WhatsApp using the amazing WaCrawl project.
If you haven’t read it yet, start here:

Unlock Your WhatsApp Data with a Local Analytics Dashboard

Since then, the project has evolved dramatically.
It is no longer just a visualization of your messages—it’s becoming a complete analytics platform for understanding years of conversations while keeping every byte on your own computer.

If you’re the kind of person who has accumulated hundreds of thousands (or millions) of WhatsApp messages, you’ll probably discover things about your communication habits that you never noticed before.

Why Another WhatsApp Analytics Tool?

Most messaging analytics products have one major problem:

They require uploading your conversations to someone else’s servers.
That’s a non-starter for most people.

The dashboard follows one simple rule:
Your messages never leave your machine.

The application reads the local SQLite archive produced by WaCrawl and exposes a read-only API that is only accessible from localhost.

Continue reading
Standard
Secure data streams from public, hybrid, enterprise cloud, and data sources into a compliance vault engine
AI, Business

Automating the Audit Trail: How I Built a GitHub Screenshoter for Zero-Friction SOC 2 Compliance

It’s audit season. And if you’re a SaaS startup, you know exactly what that means.
The dreaded “Change Management” evidence request.

Some auditor sends you a list of 15 random commit SHAs from your production branch and says: “Prove to me that every single one of these was reviewed, approved, and linked to a ticket.”

Your heart sinks.

You know you’re about to spend the next four hours of your life doing the most mind-numbing task in tech: opening GitHub, finding the commit, taking a screenshot, finding the PR, taking a screenshot, finding the issue, taking a screenshot, and pasting it all into a PDF.

It’s manual. It’s painful. And it’s a complete waste of engineering time.

So, I built a tool to kill this pain once and for all: GitHub Screenshoter.

Continue reading
Standard
Five agents collaboratively repairing a complex machine labeled Mega-Device X1 in a futuristic lab filled with tools and monitors.
AI, webdev

5-Agent Framework for Code Audits

I’ve been seeing the same anti-pattern everywhere lately.
Someone opens Cursor, Copilot or Claude and pastes a giant prompt:

Continue reading
Standard
A glowing app icon launching from a futuristic digital cube platform with sparks and fragments
AI, Business, cloud

Migrating from Lovable: Steps to Self-Host Your App

Lovable is a remarkable product.
You describe what you want. It builds it. You ship in hours instead of weeks.
That’s genuinely impressive, and I’ve used it to launch things I would have otherwise shelved for “when I have more time.”

But “when I have more time” eventually arrives.

And when it does, you start asking different questions:

“What happens if they change pricing?”
“Can I run this on my own infrastructure?”
“Where exactly does my data live?”

Those aren’t paranoid questions. They’re the right questions.
This post is about answering them — practically, with actual steps you can follow.

Continue reading
Standard
Business

Scaling Engineering: Ownership Over Hiring

Most engineering leaders think scaling is about hiring.

And honestly, that instinct makes sense — more work, more people, problem solved. But in practice, scaling engineering is mostly about scaling ownership. The teams that succeed aren’t necessarily the ones with the most engineers, the most process, or the fanciest org charts. They’re the ones that can keep ownership close to the work as the organization grows.
That sounds simple until you’ve experienced the moment it breaks down at 2 AM.

I’ve had the chance to see engineering organizations at very different scales — from early startup environments to larger companies like Google, Netflix, Meta, and JFrog.
Every company is unique, but the patterns are surprisingly consistent.

The biggest takeaway is this: every growth stage introduces a new coordination tax.
The challenge isn’t eliminating that tax.
The challenge is preventing coordination overhead from growing faster than the company does.

The First 20 Engineers: Optimize for Builders

At around 20 engineers, speed is your biggest advantage, and process is often your biggest enemy.
Everyone sits close to the product. Engineers talk directly to customers.
The person writing the code can usually explain exactly why it exists and what it connects to. It’s a genuinely magical phase — and it’s also temporary, so it’s worth enjoying while it lasts.

At this stage, ownership should be brutally simple: teams own services end-to-end, carry their own on-call rotation, deploy their own code, and fix their own incidents.
No exceptions.
One of the strongest signals of a healthy engineering culture is whether the people building the software also feel the consequences when it breaks. If your team gets paged because their service is down, reliability becomes surprisingly important. Funny how that works.

The Platform Team Trap

One mistake I see repeatedly at this stage is creating a platform team too early.
The logic is completely understandable — someone notices that everybody is independently building CI pipelines, setting up monitoring, and solving the same deployment problems.

The natural reaction is, “we need a platform team.” And you know what?
That instinct isn’t wrong.
It’s just early.

At 20 engineers, the cost of coordination is often higher than the cost of duplication.
A few redundant solutions are cheaper than introducing another organizational boundary and the meetings, hand-offs, and dependency management that come with it. This tradeoff becomes even more relevant in the AI era.

Generating code is now cheap.
Creating clear ownership is still expensive. The bottleneck is no longer writing software — it’s understanding who should maintain it six months from now. That’s a human problem, not a tooling problem.

Around 50 Engineers: The Coordination Tax Arrives

Continue reading
Standard
AI, Business

Building a CMMC Readiness Calculator That People Can Actually Finish

Most compliance tools look great in screenshots.

Far fewer are useful on a random Tuesday afternoon when someone in operations, IT, or leadership is trying to answer a simple question:

“How ready are we, really?”

That’s the problem we set out to solve.

Not certification.
Not auditing.
Not replacing consultants.

Just helping defense contractors get a realistic picture of their CMMC readiness before investing weeks of meetings, spreadsheets, and assessment calls.

The result is a simple CMMC Readiness Calculator that turns a short questionnaire into:

  • an estimated readiness score
  • an estimated SPRS score
  • a count of missing or partially implemented controls
  • a three-year compliance cost projection
  • a comparison between traditional and managed compliance approaches

Nothing magical.
Just useful.

Continue reading
Standard
Futuristic cockpit with holographic compliance and cybersecurity monitoring dashboard
AI, Business

CMMC Certification Cost: How AI-Native Compliance Can Cut Expenses by over 70%

If you’re pursuing CMMC certification, one of the first questions you’ll ask is:

How much does CMMC certification cost?

The answer depends on your current security posture, the size of your organization, and how you approach compliance. For many small and mid-sized businesses, the total cost of achieving and maintaining CMMC Level 2 compliance can range from tens of thousands to hundreds of thousands of dollars.

The surprising part?

The audit itself is rarely the biggest expense.

Continue reading
Standard
Physical legal documents dissolving into digital code and holographic interface on an office desk
AI, Business

AI and Compliance: The Most Boring Billion-Dollar Opportunity Nobody Is Talking About

The US compliance sector is massive, expanding rapidly, and heavily strained.
It represents over $40 billion in annual labor spend with more than 400,000 officers. Despite ballooning teams, compliance work has remained stubbornly manual, bureaucratic, and paper-based (“schlep work”), leading to high employee churn (>20%) and massive backlogs (e.g., TD Bank’s $3B fine over a 70,000-alert backlog).

Here’s a weird data point:
Over the last 20 years, the fastest-growing occupation in the US was manicurists and pedicurists.
Right behind it?
Compliance Officers.

Not AI engineers. Not data scientists. Compliance officers.
That says something important about where the real work has been hiding.

The Problem Nobody Wanted to Solve

Compliance is painful. Bureaucratic. Paper-heavy. Repetitive.

Continue reading
Standard