About this publication
Writing from Decagon's security team
Author
Ben Draffin
Director of Security at Decagon · San Francisco
Ben Draffin is Director of Security at Decagon. He writes here about security and GRC for an AI company selling into enterprise.
Before Decagon, Ben was Senior Staff Security Engineer at Verkada and spent several years on product security and identity at Box. He holds an MS in Information Security from Carnegie Mellon University and a B.Eng. from Vanderbilt University.
I started this site to write down what I'm learning in the job — how deals actually move, where controls lag product, what auditors push on. Examples are anonymized when they need to be.
For security and GRC leads at companies selling into enterprise — people who already know the frameworks and want to know what actually moves in a deal.
Methodology
I write from work at Decagon: redlines, vendor reviews, auditor interviews, the gap between policy and what engineering can demo. If a post mentions a control or negotiation pattern, it's because I hit it repeatedly, not because a checklist suggested it.
What to expect
- Usually about one post a week
- Long essays, not news roundups
- Deal patterns and tradeoff tables where they help
- No sponsors
Corrections
If I get something wrong, I fix it and add Updated YYYY-MM-DD: at the bottom. Typos get fixed quietly.
Stay in touch
Subscribe to the newsletter, follow Ben on LinkedIn, or use the RSS feed.