The ARMOR Model

Blog

Perspectives on offensive security maturity, program development, and the evolving threat landscape.

April 15, 2026Threat IntelligenceMaturityGovernance

The New SLA: 29 Minutes & 22 Seconds

CrowdStrike and Mandiant have published data that reframes breakout time as a program maturity problem, not a detection problem. The scope of your testing program and the strength of your governance infrastructure determine whether these numbers are relevant to your defensive posture at all.

Greg AndersonRead more →

April 9, 2026AIMaturityGlasswing

Mythos Preview and the Case for Program Maturity

The security industry's response to Anthropic's Claude Mythos Preview has focused on the vulnerability backlog and remediation resources. That framing misses the more important question.

Greg AndersonRead more →