Mithun.
Writing · 5 posts

Field notes from the trenches.

Detection engineering, offensive security, cloud, and the unglamorous controls that actually stop intrusions.

Featured · Detection Engineering · 10 min

Building an Open-Source-First SOC for 25+ Clients

What it actually takes to run SIEM, EDR, and threat hunting for dozens of tenants on Wazuh and Elastic — without drowning in alerts or licensing fees.

Offensive Security · Apr 28, 2026

Automating VAPT Reports Without Losing the Craft

After 50+ pentests, the report was the bottleneck — not the testing. Here's how I automated the boring parts while keeping the findings sharp.

7 min read
Cloud Security · Apr 09, 2026

Cloud Pentesting: IAM Is the Whole Ballgame

Across AWS, GCP, and Azure, the same pattern keeps showing up — the breach isn't a clever exploit, it's an over-permissioned role nobody audited.

9 min read
Detection Engineering · Mar 22, 2026

Detection-as-Code with Cribl, Elastic, and Splunk

Routing pipelines and version-controlled correlation rules turned our detection content from tribal knowledge into something we can test and ship.

11 min read
Defensive Security · Feb 27, 2026

Email Security Is Still the Front Door

Sublime Security rules derived from real-world attacks, plus disciplined DMARC/SPF/DKIM — the unglamorous controls that stop most intrusions.

6 min read
© 2026 · Built in Hyderabad with coffee & suspicion
Hand-coded · No tracking · No cookies