
Blog

Writing

Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.

Latest Post
5 min read

The Files Were Deleted. The Evidence Wasn't.

Deleted files, cleared history — digital forensics rebuilt the insider threat timeline from NTFS artefacts, memory, and Windows registry entries.

Cybersecurity, Digital Forensics, Incident Response, Autopsy
5 min read

I Ran 8 Microservices Locally With One Command — Here's What I Learned

Spring PetClinic is a distributed system — eight Spring Boot microservices, a service registry, an API gateway, and a full observability stack. Here's what running it locally with Docker Compose teaches you that the cloud deployment doesn't.

DMI, DevOps, Docker
4 min read

The File Upload That Looked Safe — Until I Changed One Request Header

The file upload form had validation. It checked the file type, rejected anything that wasn't an image, and showed a helpful error message. The check ran entirely in the browser.

Cybersecurity, Penetration Testing, Web Security
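The teaser above describes a validation that lives only in the browser, so anything sent straight to the server (a rewritten request header, a renamed file) bypasses it. Here is the server-side check that closes that hole, written as an added example for this listing; it is not code from the post. It assumes the server receives the raw bytes plus the client-supplied Content-Type header and filename, and that the original check trusted one of those two client claims. All names, the size limit and the sample uploads are constructed for the example.

```python
"""Validate an uploaded "image" on the server, trusting nothing the client says.

Added example, not code from the post. It assumes the server sees the raw
bytes plus the Content-Type header and filename the client supplied, and
that the original check (header_only_check) trusted one of those claims.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Leading bytes of the image formats this form is meant to accept.
IMAGE_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_FOR = {"image/png": "png", "image/jpeg": "jpg", "image/gif": "gif"}
MAX_BYTES = 5 * 1024 * 1024  # assumed limit for this form


@dataclass
class Upload:
    filename: str      # client-controlled
    content_type: str  # client-controlled: the header an attacker rewrites
    data: bytes


def header_only_check(upload: Upload) -> bool:
    """The weak check: accepts anything whose declared type says 'image/'."""
    return upload.content_type.startswith("image/")


def sniff_image_type(data: bytes) -> Optional[str]:
    """Identify the image type from the bytes themselves, or None."""
    for mime, prefixes in IMAGE_SIGNATURES.items():
        if any(data.startswith(p) for p in prefixes):
            return mime
    return None


def validate_upload(upload: Upload) -> Tuple[bool, str]:
    """Server-side decision. Filename and Content-Type are ignored entirely."""
    if not upload.data:
        return False, "empty body"
    if len(upload.data) > MAX_BYTES:
        return False, "exceeds size limit"
    sniffed = sniff_image_type(upload.data)
    if sniffed is None:
        return False, "content is not a supported image"
    return True, sniffed


def stored_name(upload: Upload) -> str:
    """Name on disk comes from the content hash and the sniffed type,
    so an attacker-chosen 'shell.php' never reaches the filesystem."""
    ok, result = validate_upload(upload)
    if not ok:
        raise ValueError(result)
    digest = hashlib.sha256(upload.data).hexdigest()
    return f"{digest}.{EXTENSION_FOR[result]}"


# Constructed samples: a minimal PNG header, and a script body sent with a
# rewritten Content-Type header (the request the browser check never sees).
GOOD_PNG = Upload("avatar.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
SPOOFED = Upload("avatar.php", "image/png", b"<?php echo 'not an image'; ?>")

if __name__ == "__main__":
    for u in (GOOD_PNG, SPOOFED):
        print(u.filename, "header-only:", header_only_check(u),
              "server-side:", validate_upload(u))
```

Magic-byte sniffing is the minimum, not the finish: a polyglot file with a valid PNG header and script appended still passes it, so uploads should also be stored outside any execution path and, where possible, re-encoded through an image library before serving.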
6 min read

The Credential Problem Nobody Talks About in Pipeline Tutorials

Every CI/CD tutorial ends with a working deployment. What they don't show is the secret sitting in that .yml file, who can read it, and what happens when it expires at 3am.

DevOps, CI/CD, Secrets Management
5 min read

The Difference Between Finding a Vulnerability and Exploiting It Responsibly

Nmap returned the service version. I already knew the CVE. The exploit was in Metasploit. I did not run it yet. Here is what comes between finding a vulnerability and proving it is real.

Cybersecurity, Penetration Testing, MITRE ATT&CK
5 min read

Terraform Remote State — Why It Matters and What Breaks Without It

Local Terraform state works fine until it doesn't. Three failure modes of keeping state on your machine, and what remote state with locking actually gives you.

Terraform, IaC, DevOps
4 min read

What a Network Intrusion Actually Looks Like in Security Onion

The alert fired. Here is what came next — a walkthrough of investigating a ransomware intrusion in Security Onion, from IDS alert triage through log correlation to a coherent incident timeline.

Cybersecurity, SOC, Security Onion
4 min read

The Ansible Play That Catches What Deployment Misses

Three Ansible plays. The third makes no changes — it just asserts the deployment worked. Here's what it caught, and why automated verification is not optional.

Ansible, DevOps, IaC
3 min read

The Dependency You Forgot You Had

France is migrating 2.5 million government workstations to Linux. I migrated one Python app. The OS switch was the easy part.

linux, ubuntu, python
5 min read

Ansible Idempotency in Practice

Run it again. If anything changed, you have a problem. What idempotency actually means when you apply a playbook to a live system — and the specific places it breaks without warning.

Ansible, DevOps, infrastructure
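The rule in the idempotency teaser above ("run it again; if anything changed, you have a problem") is easy to turn into a pipeline gate: run the playbook twice and fail the job if the second run's PLAY RECAP reports a non-zero `changed` count on any host. The parser below is an added example for this listing, not code from the post. It assumes the second run's stdout has already been captured (for instance `ansible-playbook site.yml` run twice in CI); the recap text it parses is constructed to match the format ansible-playbook prints.

```python
"""Gate a CI job on the second ansible-playbook run changing nothing.

Added example, not from the post. It parses the PLAY RECAP block that
ansible-playbook prints; the run itself is assumed to have happened already
(e.g. `ansible-playbook site.yml` twice, second run's stdout captured).
"""
import re
from typing import Dict

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")  # strip colour codes from captured stdout
RECAP_RE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counts>(?:\w+=\d+\s*)+)$")


def parse_recap(output: str) -> Dict[str, Dict[str, int]]:
    """Return {host: {"ok": n, "changed": n, "failed": n, ...}} from the PLAY RECAP."""
    hosts: Dict[str, Dict[str, int]] = {}
    in_recap = False
    for raw in output.splitlines():
        line = ANSI_RE.sub("", raw).rstrip()
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        if not in_recap or not line.strip():
            continue
        m = RECAP_RE.match(line)
        if m:
            pairs = (kv.split("=", 1) for kv in m.group("counts").split())
            hosts[m.group("host")] = {k: int(v) for k, v in pairs}
    return hosts


def non_idempotent_hosts(second_run_output: str) -> Dict[str, int]:
    """Hosts where the second run still reported changes. Each one points at a
    task that is not idempotent (typically shell/command without creates: or
    changed_when:, or a template rendering a timestamp)."""
    return {
        host: counts["changed"]
        for host, counts in parse_recap(second_run_output).items()
        if counts.get("changed", 0) > 0
    }


def idempotency_gate(second_run_output: str) -> bool:
    """True only when every host reports changed=0 and nothing failed or was
    unreachable. An empty recap is a failure too: no evidence is not a pass."""
    recap = parse_recap(second_run_output)
    return bool(recap) and all(
        c.get("changed", 0) == 0 and c.get("failed", 0) == 0 and c.get("unreachable", 0) == 0
        for c in recap.values()
    )


# Constructed stdout of a second run: web2 still changes two tasks.
SECOND_RUN = """
PLAY [web] *********************************************************************

TASK [Install nginx] ***********************************************************
ok: [web1]
ok: [web2]

TASK [Generate self-signed cert] ***********************************************
ok: [web1]
changed: [web2]

PLAY RECAP *********************************************************************
web1                       : ok=7    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
web2                       : ok=7    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
"""

if __name__ == "__main__":
    print("non-idempotent:", non_idempotent_hosts(SECOND_RUN))
    print("ship it:", idempotency_gate(SECOND_RUN))
```

In a pipeline, feed the second run's output to `idempotency_gate` and exit non-zero when it returns False; `non_idempotent_hosts` tells you which hosts to read the task output for.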
4 min read

How I Rebuilt My Technical Career — In Public, With Evidence

19 years in IT. Redundancy. A choice: retrain quietly, or build everything in the open and let the work speak. This is what building in public actually looks like — and why a portfolio beats a CV every time.

career transition, building in public, DevOps
3 min read

"No Errors" Is Not the Same as "It Works"

A deployment succeeded. The pipeline went green. The app returned 403. This is the story of two projects, one hard lesson, and why verification is a distinct step from deployment — and where production incidents actually live.

Ansible, DevOps, CI/CD
9 min read

Secure the Ground Before You Build the Pipeline — Linux Hardening for DevOps Engineers

Most DevOps engineers spend serious effort on CI/CD security controls and almost none on the Linux hosts those pipelines run on. If the ground is soft, the pipeline controls do not hold. Here is what host hardening actually looks like — and how it reinforces everything above it.

Linux, hardening, DevSecOps
9 min read

Why DevOps and Security Keep Fighting (And How to Stop It)

The friction between DevOps and security teams is structural, not personal. It comes from misaligned incentives — and the fix is not compromise, it is integration. Here is what shift-left security actually looks like in practice, from someone who has lived on both sides.

DevSecOps, shift-left security, CI/CD
3 min read

What 19 Years in IT Taught Me About Cybersecurity, Cloud, and DevOps

After 19 years in enterprise IT — the last decade owning cybersecurity posture, cloud transformation, and IT governance for a regulated financial services organisation — here is what actually transfers, and why the combination is rare.

career, systems-thinking, infrastructure
5 min read

AWS Three-Tier Architecture — The Design Decisions That Matter

Beyond the diagram: the specific design decisions behind a production-grade AWS three-tier deployment — why internal ALBs, why private subnets for RDS, and what actually validates that your architecture is secure.

AWS, Cloud, Architecture
3 min read

Setting Up Security Onion — What I Learned

A practical walkthrough of deploying Security Onion as a SIEM and IDS platform for the first time — what worked, what didn't, and what every SOC analyst candidate should understand before sitting in front of it.

Cybersecurity, SOC, Security Onion
Blog | Sonny Enchill