Notes from someone who tinkers.

The Tinkering CISO is Joshua Scott writing about security, AI, and the systems behind them — from the practitioner's chair, not the analyst's.

The premise is simple: most security advice is written for slide decks, not for the people who have to live inside the controls. This is the opposite of that. Every post takes one idea apart like a machine, looks at what each part actually costs, and puts it back together with fewer moving pieces.

No vendor pitches. No fear. Just what actually works in practice.