Defending Dev
MONDAY 6 JULY 2026 BY COLIN DOMONEY · 30 YEARS IN SECURITY
01 — THE THESIS

AI is writing production code today. Good. Now let’s make it defensible.

Thirty years of security work says every wave of speed becomes a wave of safety — once someone writes down how. Defending Dev is where it gets written down: diplomatically, weekly, in public.

WEEKLY · 4,200 READERS · NO FLUFF
02 — WHERE DO YOU FIT? I run security CISO start here → I defend the pipeline SECURITY TEAM start here → I ship the code DEVELOPER start here → I own the roadmap PRODUCT start here →
Each is a curated path, not a feed — three reads, then the guide.
03 — LATEST
ALSO THIS WEEK: FIVE-MINUTE FIX — SECRETS IN GENERATED CODE · REVIEWED — THREE SAST TOOLS VS. ASSISTANT-WRITTEN REPOS FULL ARCHIVE →
04 — THE FLAGSHIP GUIDE · FREE WITH EMAIL
DEFENDING DEV PRESS — Nº 1
The CISO's Field Guide to AI-Assisted Development
48 PP.2026 ED.
Policy templates your board will actually sign.

The 90-day rollout plan, the one-page policy, and the twelve questions to put to every AI-tooling vendor — assembled into a working document.

ONE EMAIL. NO SALES CALL FOLLOWS.
Get the guide →
05 — ON THE PODCAST Ep. 07 — What CISOs get wrong about copilots ▶ 41:12 Ep. 06 — The pentest that found nothing ▶ 28:40
06 — THE WEEKLY LETTER
One idea, three links, no fluff. Sent every Thursday.