About The Security Brutalist Blog
I’ve been in the security field for over 20 years, working across nearly every aspect of it. In the past decade, I’ve seen a surge of vendors pushing unnecessary "solutions", many claiming to solve problems we didn’t even know we had. Meanwhile, regulations continue to pile on new requirements, only adding to the complexity. This has made it difficult for security professionals to prioritize what actually needs attention, especially when it comes to identifying the real gaps and issues that need fixing.
We’re facing a growing need for resources, yet budgets keep shrinking. Alerts are flooding our monitoring systems, but we have no clear understanding of their root causes. New controls are being implemented, but they often fail when put to the test.
This is the reason behind Security Brutalism. It's a return to a no-nonsense, transparent, and robust approach to security, prioritizing effectiveness, simplicity, clarity, and resilience over superficial aesthetics. Security Brutalism rejects overly complex or hidden mechanisms in favor of simple, explicit policies that are easy to understand and hard to ignore. This methodology is unapologetically direct, favoring security that is visible, enforceable, and resilient across diverse environments.
The Security Brutalist Blog helps bring awareness to a simpler security style, one that focuses on core fundamentals and clear reasoning, which strengthens security culture and defense. Alongside the Security Brutalism website, it aims to simplify security by emphasizing basic controls and processes to reduce industry complexity.
Picture Security Brutalism as: What you see is what's enforced; what breaks doesn't collapse the system; and what remains is strong and recoverable.
If you need to contact me, please send a message to info @ this domain.
Disclaimer
The opinions expressed in this blog are mine, and are not official statements of my current or past employer, current or past team, current or past customers, or anyone else but me.
The information and suggestions on this site are provided as is, and without a warranty of any kind. You assume all risks that might come from following or using anything on this website. I am not responsible if things don't work, things get broken, or security gets bypassed or compromised. You are the only responsible party here. If you don't agree, do not read this website, and do not apply anything depicted here.
