Defending Dev
INDEX / FOR / PRODUCT · ALSO: CISOS · DEVELOPERS · SECURITY TEAMS LAST REVISED 1 JUL 2026
01 — THE SITUATION, PLAINLY

AI made the roadmap faster. Someone has to make it defensible.

Assistant-driven velocity is real, and so is the risk debt it can quietly accrue. The product leader’s job is to buy the speed without buying the incident: provenance in the definition of done, review capacity on the plan, and vendor claims tested before renewal. This page is the roadmap owner’s route in.

Written for the person who owns the trade-off, sprint after sprint.

02 — ABOUT THE AUTHOR
Colin Domoney — 30 years across offensive testing, enterprise defence, and the vendor side of the fence.
· 200+ enterprise assessments led
· advisor to 3 F500 security orgs
· vendor sponsorships accepted: 0
03 — START HERE · THREE READS, IN ORDER
WHEN THE THREE READS LAND, THE GUIDE BELOW IS THE NEXT STEP ↓
04 — THE FLAGSHIP GUIDE · FREE WITH EMAIL
DEFENDING DEV PRESS — Nº 1
The CISO's Field Guide to AI-Assisted Development
48 PP.2026 ED.
The 90-day rollout plan doubles as a roadmap artefact.

The 90-day rollout plan, the one-page policy, and the twelve questions to put to every AI-tooling vendor — assembled into a working document.

ONE EMAIL · NO SALES CALL FOLLOWS · PDF + WEB
Get the guide →
05 — HEAR IT ARGUED, ON THE PODCAST Ep. 04 — Selling "yes, like this" to a sceptical board ▶ 33:05 Ep. 07 — What CISOs get wrong about copilots w/ Dana Okafor ▶ 41:12
06 — RECENT, FOR PRODUCT MANAGERS