Signal › Contributors

Nadia Volkov

Enterprise Security at Signal · Arlington, VA

I spent four years as a contractor at the NSA, which I'm allowed to say but not allowed to say much more about. What I can tell you: the gap between how nation-states think about security and how enterprises think about security is not a gap. It's a canyon. On one side, people who assume every system is compromised and work backwards from there. On the other, people who think a firewall and an annual pen test constitute a security program.

After leaving government work in 2019, I joined Cloudflare as a security engineer on the Zero Trust team. This was before "zero trust" became a marketing term that every vendor slapped on their product page. We were building the actual architecture: identity-aware proxies, device posture checks, micro-segmentation at the network layer. I worked on the Access product and later on Gateway.

The thing that radicalized me was customer conversations. I'd talk to CISOs at Fortune 500 companies who had spent $40M on security tooling and couldn't answer basic questions like "who accessed this database last Tuesday?" or "what happens if an employee's laptop is compromised right now?" They had tools. They had dashboards. They had compliance certifications. They did not have security.

I left Cloudflare in 2023 and started writing a newsletter called "Posture Check" that became mildly infamous for roasting companies' security architectures based on publicly available information. The CrowdStrike outage piece I wrote in July 2024 got 500K+ views and a threatening letter from a law firm, which I framed.

Signal recruited me to bring that same energy to a broader audience. My beat is enterprise security: not the CVE-of-the-week stuff, but the structural decisions that determine whether a company is actually secure or just compliant. There's a difference, and it's usually about $200M in breach costs.

I live in Arlington, Virginia. I have a German Shepherd named Packet and I do competitive CrossFit, which is the second most masochistic hobby after reading NIST frameworks for fun.

Experience

Security Engineer, Cloudflare (Zero Trust)
NSA Contractor (2015-2019)
Newsletter: Posture Check (31K subscribers)

Articles by Nadia Volkov (5)

Why 'X vs Y' Pages Dominate AI Recommendations (And How to Win Them)Comparison and alternatives pages are the highest-citation content type in AI search. Here is the data on why, and the production system that turns th · May 25, 2026 Pillar Pages Are Back: Topical Authority for AEO in 2026Citation share is a measurable metric, but only if you instrument it. A working prompt testing harness that hits ChatGPT, Claude, Perplexity, Gemini, · May 25, 2026 China AI Search: Baidu Ernie, Tencent Yuanbao, ByteDance Doubao AEO StrategyStrict CORS, Content-Security-Policy nonces, X-Frame-Options, and Permissions-Policy headers are quietly stripping content from GPTBot, ClaudeBot, and · May 25, 2026 Headless CMS for AEO: Sanity, Contentful, and Strapi Compared on Citation-WorthinessOutcome-based quizzes built on Outgrow, Typeform, and Tally produce shareable result-page URLs that LLMs index and cite. The BuzzFeed playbook, adapte · May 26, 2026 WordPress AEO Plugins Sorted: Which Actually Move Citation RatesThe $950M round that crossed 40% Fortune 50 penetration isn't about market size. It's about a defensibility architecture that traditional SaaS never b · May 27, 2026