Michael Lakav

I've spent my career in cybersecurity from nearly every side of the table — and this is where I write about it.

My start was in the military, in the IT and cybersecurity space. It was the kind of environment where security isn't a compliance checkbox but something with real consequences, and it set the foundation for everything since.

From there I moved to the customer side — inside an organization, responsible for actually defending it. Living with the tools, the alerts, the trade-offs, and the daily gap between what security products promise and what they deliver when you're the one depending on them.

Today I work in solution engineering — sales engineering — which has given me something rare: a view across many enterprises at once. I sit with security teams at organizations of every size, working through their hardest problems, and I see the patterns. What actually breaks. Which attack paths keep resurfacing. Where the real risk lives versus where the noise is. It's a front-row seat to security at scale — the real version, not the one that trends online.

What I write about

Anything in cybersecurity worth thinking hard about, written from practice rather than punditry:

• Breaches and incidents — not hot takes, but what actually happened, how the attack chained together, and what defenders should take from it.
• Attack paths and offensive thinking — how real compromises unfold, end to end.
• AI security — the attack surface of LLM-powered systems and autonomous agents, which I believe is the most important frontier in the field right now.
• Field notes — patterns and lessons from working with enterprises every day, the kind you only learn first-hand, on the front lines.

The throughline: I do this daily, with real organizations, against real problems. What ends up here is what the field actually teaches.

Elsewhere

Find my code and labs on GitHub, and my professional background on LinkedIn.