Defending Dev
INDEX / FOR / SECURITY TEAMS · ALSO: CISOS · DEVELOPERS · PRODUCT MANAGERS LAST REVISED 1 JUL 2026
01 — THE SITUATION, PLAINLY

Review capacity is the bottleneck now. Your pipeline is the fix.

Generated code volume grew faster than any review team can. The answer isn’t heroics — it’s provenance-aware pipelines: declared code routed to tuned rulesets, canary tests in CI, and gates that make honesty the fast lane. This page is the pipeline defender’s route in.

Written for the team that owns the gates the code has to pass.

02 — ABOUT THE AUTHOR
Colin Domoney — 30 years across offensive testing, enterprise defence, and the vendor side of the fence.
· 200+ enterprise assessments led
· advisor to 3 F500 security orgs
· vendor sponsorships accepted: 0
03 — START HERE · THREE READS, IN ORDER
WHEN THE THREE READS LAND, THE GUIDE BELOW IS THE NEXT STEP ↓
04 — THE FLAGSHIP GUIDE · FREE WITH EMAIL
DEFENDING DEV PRESS — Nº 1
The CISO's Field Guide to AI-Assisted Development
48 PP.2026 ED.
The provenance controls chapter alone is worth the email.

The 90-day rollout plan, the one-page policy, and the twelve questions to put to every AI-tooling vendor — assembled into a working document.

ONE EMAIL · NO SALES CALL FOLLOWS · PDF + WEB
Get the guide →
05 — HEAR IT ARGUED, ON THE PODCAST Ep. 06 — The pentest that found nothing ▶ 28:40 Ep. 07 — What CISOs get wrong about copilots w/ Dana Okafor ▶ 41:12
06 — RECENT, FOR SECURITY TEAMS