Roman Romanenco — WritingArticles on product strategy, enterprise security, and the messy place between them.https://romanromanenco.com/en-usSecurity Has a Product Problemhttps://romanromanenco.com/blog/security-product-problem/https://romanromanenco.com/blog/security-product-problem/I spent years finding critical vulnerabilities. Then I realized finding them wasn't the hard part.Fri, 22 May 2026 00:00:00 GMTCareerA Roadmap Is Not a Product Strategyhttps://romanromanenco.com/blog/product-strategy-blueprint/https://romanromanenco.com/blog/product-strategy-blueprint/Most teams confuse a list of features with a strategy. Here's the 6-step framework I use to build product strategies that actually hold up under pressure.Wed, 06 Sep 2023 00:00:00 GMTProduct Strategy5 Insider Threats Your Company is Overlookinghttps://romanromanenco.com/blog/insider-threats/https://romanromanenco.com/blog/insider-threats/The breach your security team is least prepared for isn't coming from outside. Here are the five insider threat vectors most organizations aren't watching closely enough.Tue, 05 Sep 2023 00:00:00 GMTSecurityHow I Automate Authenticated API Security Testinghttps://romanromanenco.com/blog/automated-api-security-testing/https://romanromanenco.com/blog/automated-api-security-testing/Automating dynamic application security testing (DAST) for service APIs as part of a security testing pipeline, using OWASP ZAP and an OpenAPI spec.Wed, 26 Oct 2022 00:00:00 GMTTechnicalRansomware Defense Doesn't Have to Be Expensivehttps://romanromanenco.com/blog/ransomware-proactive-defense/https://romanromanenco.com/blog/ransomware-proactive-defense/Good cyber hygiene and well-tuned security controls go a long way in defending against ransomware, even without a 'next-gen' product. A breakdown of common delivery techniques and the cost-effective countermeasures that block them.Wed, 27 Apr 2022 00:00:00 GMTSecurityDeconstructing the Ransomware Kill Chainhttps://romanromanenco.com/blog/ransomware-kill-chain/https://romanromanenco.com/blog/ransomware-kill-chain/Ransomware is a relatively noisy form of malware, and its kill chain presents multiple opportunities for network defenders to detect and mitigate the threat. A stage-by-stage breakdown.Wed, 06 Apr 2022 00:00:00 GMTSecurityPass the CISSP on First Try With This Guidehttps://romanromanenco.com/blog/cissp-review/https://romanromanenco.com/blog/cissp-review/Reflections on passing the CISSP on the first try, and the condensed study guide that got me there. Includes a preview of the Cryptography module.Thu, 24 Mar 2022 00:00:00 GMTCareerHow a Malicious Chrome Extension Steals Your Sessionhttps://romanromanenco.com/blog/how-a-malicious-chrome-extension-steals-your-session/https://romanromanenco.com/blog/how-a-malicious-chrome-extension-steals-your-session/Browser extensions are a blindspot most organizations aren't accounting for. Here's how session theft via a malicious extension works, and why it's more accessible than people think.Fri, 28 Aug 2020 00:00:00 GMTTechnical