Defending Dev
INDEX / FOR / DEVELOPERS · ALSO: CISOS · SECURITY TEAMS · PRODUCT MANAGERS LAST REVISED 1 JUL 2026
01 — THE SITUATION, PLAINLY

The assistant ships more code than you do. Make it code you can stand behind.

Nobody is taking the copilot away — and nobody should. The skill that matters now is directing it: prompts that carry your threat model, reviews that catch what it invents, and a paper trail that keeps your name safe on the commit. This page is the working developer’s route in.

Written for the person whose name is on the merge commit.

02 — ABOUT THE AUTHOR
Colin Domoney — 30 years across offensive testing, enterprise defence, and the vendor side of the fence.
· 200+ enterprise assessments led
· advisor to 3 F500 security orgs
· vendor sponsorships accepted: 0
03 — START HERE · THREE READS, IN ORDER
WHEN THE THREE READS LAND, THE GUIDE BELOW IS THE NEXT STEP ↓
04 — THE FLAGSHIP GUIDE · FREE WITH EMAIL
DEFENDING DEV PRESS — Nº 1
The CISO's Field Guide to AI-Assisted Development
48 PP.2026 ED.
The same playbook your CISO is reading — worth knowing what’s coming.

The 90-day rollout plan, the one-page policy, and the twelve questions to put to every AI-tooling vendor — assembled into a working document.

ONE EMAIL · NO SALES CALL FOLLOWS · PDF + WEB
Get the guide →
05 — HEAR IT ARGUED, ON THE PODCAST Ep. 06 — The pentest that found nothing ▶ 28:40 Ep. 07 — What CISOs get wrong about copilots w/ Dana Okafor ▶ 41:12
06 — RECENT, FOR DEVELOPERS Reviewed: three SAST tools vs. assistant-written repos REVIEW · 14 MIN