Lora Vaughn

// BLOG

All posts.

Field notes from 20+ years in security. Plus the occasional detour into life, work, and whatever else is on my mind.


The Security Program You Actually Need (Not the One Vendors Are Selling You)

Most security advice assumes you're a Fortune 500. You're not. Here's what you actually need at your size, what you can skip, and how to know when to level up.

community-banks, fintech, startups, security-programs, right-sizing-security, insights

I Built a Live Deepfake in 30 Minutes. Here's the Part That Actually Scares Me.

Using AI coding tools, I built a convincing live deepfake demo in 30 minutes with zero machine learning knowledge. The barrier to creating sophisticated attacks isn't technical skill anymore, it's just intent.

ai, deepfakes, fraud-prevention, social-engineering

Intentions, Not Resolutions: On Choosing Presence Over Urgency

On knowing the always-on CISO life isn't sustainable, doing it anyway, and what fractional work is teaching me about presence.

career, ciso, leadership, work-life-balance, fractional-ciso, new-years, intentions, insights

When Everything Is Critical, Nothing Is Critical

Your vulnerability scanner flagged 10,000 issues. Your SIEM has 500 critical alerts. Every project is top priority. So what do you actually fix first?

vulnerability-management, prioritization, security-operations, ciso, risk-management, security-strategy

Security Theater vs. Security: How to Tell the Difference

That shiny new security tool looks impressive in the demo. But will it actually reduce risk? Here's how to tell security theater from real security before you waste the budget.

security-strategy, budget-planning, security-tools, ciso, risk-management, security-theater

Stop Protecting Systems, Start Protecting Data

Why modern security strategies must shift from system-centric defenses to data-centric protection approaches.

data-security, security-strategy, data-protection

When Your Bank Examiner Says 'Risk Assessment' and You Break Out in Hives

Why most cybersecurity guidance for community banks is useless, and what to do instead

cybersecurity, banking, compliance, community-banks, risk-management, insights

Vibe Coding: How to Write Secure Code When AI Does the Heavy Lifting

AI coding tools are powerful, but they're trained on decades of mediocre code. Here's how to harness them without inheriting every security mistake we've been making since the 90s.

security, ai, development, coding, ai-coding, secure-development, copilot, claude-code, best-practices

How to Respond When Your Customer Sends You a Security Questionnaire

Your biggest deal just sent a 200-question security assessment. Here's your step-by-step playbook for responding without losing the deal or your mind.

vendor-risk, compliance, sales-enablement, insights

How to Get SOC 2 Certified: Startup Guide (Costs $15K-50K, Takes 3-6 Months)

How much does SOC 2 cost? $15K-50K for audit + $5K-30K/year in tools. Real timeline: 3-6 months prep + 4-8 weeks audit. Here's what you actually need (and what you can skip).

soc2, compliance, startup-security, audits, soc2-cost, soc2-requirements, insights