Field Notes

3 posts with this tag

Field Notes — Reading EPSS Scores in Practice

Field Notes — Reading EPSS Scores in Practice

Working examples of EPSS score interpretation — when to trust it, when to override it, and how it interacts with CVSS and CISA KEV.

May 09, 2026 · 3 min read
Field Notes — Building a Security Program From Scratch

Field Notes — Building a Security Program From Scratch

A 90-day playbook for the first security hire at a small business. Identity, endpoints, email, backups, logging — in that order.

May 09, 2026 · 3 min read
Field Notes — Prioritizing Vulnerabilities in a Small Team

Field Notes — Prioritizing Vulnerabilities in a Small Team

Practitioner notes on triaging a vulnerability backlog without a dedicated AppSec team. CVSS, EPSS, KEV, and the controls already in place.

May 09, 2026 · 3 min read