Resources

Field guides, threat reports, and compliance walkthroughs.

Written by the SEND-SECURELY.COM engineering, security, and compliance team — for the people who have to defend a control set under audit.

Latest

25 articles, newest first

Announcement
Series C: $80M to bring US-only secure file transfer to every regulated team

Why we raised, what we'll build, and a thank-you to the customers who got us here.

Halvor Brennecke · May 13, 2026
Field guide
Inside our incident response playbook — and the tabletop exercise that changed it

The original playbook, a synthetic tabletop scenario, and the two assumptions it broke.

Idris Halloran · Apr 22, 2026
Buyer's guide
FedRAMP Moderate vs High for file transfer: a buyer's decision tree

What's actually in the control delta, realistic ATO timelines, and a decision tree by data classification.

Anaya Selvaraj · Mar 12, 2026
Engineering
Why we deprecated TLS 1.2 — and what that meant for one in nine of our customers

The decision, the 90-day customer-communication runbook, and the legacy AS2 integrations that broke.

Renata Kjelsberg · Feb 12, 2026
Threat report
Quarterly threat report: Q4 2025 — info-stealers and the new BYOD file-share problem

Info-stealer malware families we're tracking, how stolen browser sessions reach vendor portals, and the defenses that work.

Lena Vössen · Jan 27, 2026
Year in review
2025 in review: regulated file transfer turned a corner

The numbers from the year, three customer-side shifts we didn't expect, and what we're focused on in 2026.

Halvor Brennecke · Dec 16, 2025
Compliance
SOC 2 Type II + ISO 27001 + ISO 27701: what the combination actually proves

What the combination of SOC 2 Type II, ISO 27001, and ISO 27701 actually proves — a buyer's-guide explainer.

Anaya Selvaraj · Nov 4, 2025
Product
Recipient verification at the boundary: cutting accidental disclosure by 80%

The misaddressed-link problem, our boundary-verification model, and how the 80% number is measured.

Theron Vask · Oct 8, 2025
Threat report
Quarterly threat report: Q2 2025 — OAuth abuse in B2B file workflows

The pattern, defensive controls that actually moved the needle, and what to watch in your audit log.

Lena Vössen · Sep 9, 2025
Compliance
NIST SP 800-171 Rev. 3 is final — what your file-transfer stack has to prove

What changed in Rev. 3, the control families that touch file transfer, and the evidence your CMMC assessor will request.

Anaya Selvaraj · Aug 19, 2025
Engineering
Engineering deep-dive: how we shave 80 ms off every resumed large-file upload

Where the latency hid, what we changed, and a representative benchmark.

Renata Kjelsberg · Jul 22, 2025
Threat report
Post-mortem reading list: what the 2024–2025 breach wave teaches us about vendor file transfer

Three categories of supply-chain compromise we keep seeing — and the defenses that actually work.

Idris Halloran · Jun 30, 2025
Engineering
US-West is live: inside our second US data residency region

Why we built a second US region, the architecture trade-offs, and what changes for customers running multi-region.

Renata Kjelsberg · May 13, 2025
Vision
Why we joined the Coalition for Secure AI — and what it means for file transfer

Why a file-transfer vendor cares about AI security, and the three things we'll contribute to CoSAI.

Halvor Brennecke · Apr 8, 2025
Buyer's guide
Migrating off legacy managed file transfer: a 30-day playbook

What we've learned helping security teams retire on-prem MFT tooling — without breaking the partner integrations they depend on.

Theron Vask · Mar 11, 2025
Field guide
Field guide: zero-knowledge vs server-side encryption for regulated workloads

Two architectures, very different operational consequences. A practical decision matrix for buyers.

Lena Vössen · Feb 19, 2025
Threat report
Quarterly threat report: Q4 2024 — credential stuffing against vendor portals

What we saw in customer telemetry across Q4 2024, what's working defensively, and what to watch in Q1.

Lena Vössen · Jan 21, 2025
Year in review
2024 in review: what 1.4 billion file transfers taught us about regulated data

A year-end retrospective on the patterns we saw across customer transfers, threats, and audit conversations.

Halvor Brennecke · Dec 17, 2024
Field guide
Why 'password in a separate email' isn't secure file transfer

The mailbox-compromise threat model — and why one mailbox compromise compromises both.

Idris Halloran · Nov 4, 2024
Compliance
How we think about SOC 2 readiness — and the five criteria we'd add to ours

What we focus on in our SOC 2 readiness program — and the five criteria beyond the AICPA TSC minimum that we'd voluntarily include.

Anaya Selvaraj · Oct 29, 2024
Event recap
Field notes from RSA Conference 2024: the secure-transfer conversations vendors aren't having

Three under-discussed themes from our week at Moscone — and one we didn't expect.

Idris Halloran · Sep 24, 2024
Compliance
What changed in HIPAA's 2024 Security Rule update (and what your file-sharing stack needs to do about it)

A practical walkthrough of the 2024 NPRM updates and the file-handling controls they imply.

Anaya Selvaraj · Aug 15, 2024
Vision
Shadow IT isn't a people problem — it's a procurement problem

Why telling employees to 'use the approved tool' fails — and what a procurement-first approach looks like.

Halvor Brennecke · Jul 9, 2024
Engineering
Why we built customer-managed keys into every paid plan

BYOK shouldn't be a Premium tier. Here's the engineering and business reasoning behind moving it down-market.

Renata Kjelsberg · Jun 18, 2024
Product
Our new audit log: every action, every actor, every byte

What we changed about evidence collection — and why it cuts evidence-prep time for SOC 2 audits by 60%.

Theron Vask · May 21, 2024

Field guides, threat reports, and compliance walkthroughs.

25 articles, newest first

Series C: $80M to bring US-only secure file transfer to every regulated team

Inside our incident response playbook — and the tabletop exercise that changed it

FedRAMP Moderate vs High for file transfer: a buyer's decision tree

Why we deprecated TLS 1.2 — and what that meant for one in nine of our customers

Quarterly threat report: Q4 2025 — info-stealers and the new BYOD file-share problem

2025 in review: regulated file transfer turned a corner

SOC 2 Type II + ISO 27001 + ISO 27701: what the combination actually proves

Recipient verification at the boundary: cutting accidental disclosure by 80%

Quarterly threat report: Q2 2025 — OAuth abuse in B2B file workflows

NIST SP 800-171 Rev. 3 is final — what your file-transfer stack has to prove

Engineering deep-dive: how we shave 80 ms off every resumed large-file upload

Post-mortem reading list: what the 2024–2025 breach wave teaches us about vendor file transfer

US-West is live: inside our second US data residency region

Why we joined the Coalition for Secure AI — and what it means for file transfer

Migrating off legacy managed file transfer: a 30-day playbook

Field guide: zero-knowledge vs server-side encryption for regulated workloads

Quarterly threat report: Q4 2024 — credential stuffing against vendor portals

2024 in review: what 1.4 billion file transfers taught us about regulated data

Why 'password in a separate email' isn't secure file transfer

How we think about SOC 2 readiness — and the five criteria we'd add to ours

Field notes from RSA Conference 2024: the secure-transfer conversations vendors aren't having

What changed in HIPAA's 2024 Security Rule update (and what your file-sharing stack needs to do about it)

Shadow IT isn't a people problem — it's a procurement problem

Why we built customer-managed keys into every paid plan

Our new audit log: every action, every actor, every byte