Coach CISO

https://coachciso.com/Coach CISOBlog from Simon Goldsmith, a Chief Information Security Officer and a lifelong student of leadership and building high performing teams. Simon believes in security as both a profession and craft - one that requires relentless curiosity, the humility to listen to those in the code, and the agility to adapt to the unique complexity of the organisations and people we serve. 2026-05-23T01:14:37+02:00 Simon Goldsmith https://coachciso.com/ Jekyll © 2026 Simon Goldsmith /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png Why inspection failed2026-05-22T02:00:00+02:00 2026-05-22T23:51:49+02:00 https://coachciso.com/posts/what-appsec-should-do-next/ Simon Goldsmith

Why inspection failed — and what AppSec should do next A plan for software security in the age of AI-generated code The hidden factory Every software organisation runs two factories. The first is the one leadership sees: feature roadmaps, sprint velocity, deployment frequency, revenue. The second is invisible. It exists solely to fix things that were not done right the first time. Your develo...

The wrong race2026-04-16T02:00:00+02:00 2026-04-16T02:00:00+02:00 https://coachciso.com/posts/the-wrong-race/ Simon Goldsmith

The wrong race Two Numbers In January 2026, two security researchers pointed AI agent swarms at Windows kernel drivers from AMD, Intel, NVIDIA, Dell, Lenovo, and IBM. In thirty days, for $600, they found over 100 exploitable vulnerabilities. Cost per bug: four dollars. In the same month, CrowdStrike published a number that should concern anyone who has approved a security budget in the past f...

Welcome to my new blog !2026-04-01T02:00:00+02:00 2026-04-01T02:00:00+02:00 https://coachciso.com/posts/welcome-to-my-new-blog/ Simon Goldsmith

Hello everyone, I have previously used LinkedIn articles to blog. I have had some time and want a more permanent (and more sovereign) place to write in long form about things I’ve worked on recently. My goal is to at least publish one entry in the blog per week. I want to write about cyber security (big surprise) but also about other software, AI, leadership, and resilience engineering topics...