Welcome to the Vigilant Violet blog!

Here you will find a wealth of information, inspiration, education, and actionable insights to help you take the next step in your information security career.

Identity Is the New Perimeter. We're Not Securing It Like One.
leadership, teaching, coaching, cloud & identity security, AI Risk & Emerging Threats, Detection & Response, Program Maturity & Governance Jess Vachon leadership, teaching, coaching, cloud & identity security, AI Risk & Emerging Threats, Detection & Response, Program Maturity & Governance Jess Vachon

Identity Is the New Perimeter. We're Not Securing It Like One.

We designed access controls around human users. Then came service accounts, API keys, OAuth tokens, CI/CD pipeline credentials, AI agents with standing permissions to read your email and write to your systems. Suddenly you have an enormous non-human identity surface that's under-governed, over-privileged, and in most organizations — nobody's actually accountable for it. Identity is the new perimeter. We're not securing it like one.

Read More
From Promise to Preparedness: How to Secure AI and Keep Our Edge
Securing GenAI, information security, AI Guardrails Jess Vachon Securing GenAI, information security, AI Guardrails Jess Vachon

From Promise to Preparedness: How to Secure AI and Keep Our Edge

GenAI is moving fast—faster than your risk register and definitely faster than your last governance meeting. Securing it isn’t just a tech puzzle; it’s a leadership challenge. In "Securing Generative AI: A Strategic Framework for Security Leaders," Pierre Mouallem lays out a solid foundation—but real-world security leaders know the real struggle isn’t in knowing what to do. It’s doing it at scale, under pressure, and without crushing the innovation we’re trying to protect. Let’s talk feasibility, friction, and what it really takes to get this right.

Read More
Noise Reduction: How to make Vulnerability Management a Real Threat Awareness Tool
leadership, information security Jess Vachon leadership, information security Jess Vachon

Noise Reduction: How to make Vulnerability Management a Real Threat Awareness Tool

Drowning in scanner alerts? You're not managing risk—you're babysitting noise.
Vulnerability scanners are just the start. Real security means going beyond alerts to validate what’s actually exploitable. Inspired by a sharp piece from Picus Security, this post dives into why CVSS scores and endless CVEs don’t tell the full story—and how exposure validation can turn chaos into clarity. Ready to shift from noise to nuance? Let’s go.

Read More