Long-form on enterprise browsers, proxies, and enforcement. How it actually works, what the tradeoffs really cost. These are the canonical versions of what I post on LinkedIn.
Every extension-based DLP I tested loses sight of the user the moment an incognito window opens. The mechanism, and why policy can't fully close it.
Chrome sync will happily carry corporate state into personal profiles. What the MDM scoping rules actually cover, item by item.
If your security tool needs to watch the screen to do its job, you have already left the extension model. The mechanics of why.
Vendors quote hours saved per user per week. How those numbers get made, and which ones survive contact with a real deployment.
We pushed serious TLS traffic through both. The decision came down to GC pauses you can budget for versus lifetimes you pay for daily.
Consolidation slideware says one agent, one policy. The enforcement plumbing underneath says otherwise. What merging actually requires.
What a gateway can and cannot do about prompt injection, written for people who have to sign off on AI tools this quarter.