thefullstackciso.com
Security, shipped
Vol. I — No. 7Falls Church, Va.Thursday, July 16, 2026Price: free, always

The Full Stack CISOLeadershipPage A7May 16, 2026
Leadership

Defense in depth on a nonprofit budget

The full free-tier security map — and the one architectural fact that reorders every priority on it.

This is the capstone: the whole picture, assembled from free and low tiers. Row-level security on the database. A CAPTCHA on the doors that spend money. The five free firewall rules. App-level rate limits. Cached reads on object storage. Email authentication set to reject. Anomaly alerts that name names.

The fact that reorders everything

Draw the diagram and one thing jumps out. The endpoints that cost real money — the ones that call a model or send mail — talk to the backend directly, off the CDN zone. Which means none of the edge protections actually stand in front of the things you most need to protect, until you move them.

Defense in depth is only depth if the layers are on the path the attacker takes.

Free, Pro, and Enterprise, honestly

Most of this is free and genuinely good enough. Pro buys you more firewall rules and better analytics retention. Enterprise buys you Logpush and support. Know which tier each control needs before you promise the board it is handled.

letters to the editor

Loading the letters…

sign in with your email · your CertScore shows on your letter