Skip to main content

Blog

Writing

Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.

AllDevOpsCI/CDDevSecOpsSOCAnsibleinfrastructurecybersecuritypipeline securityCybersecuritySecurity OnionSIEMdevopsidempotencyLinuxsecurityAWSIncident ResponseZeekSuricataIaCAutomationAzureNginxlinuxubuntupythonmigrationautomationcareer transitionbuilding in publiccloud infrastructureportfolioproductionhardeningSSHauditdfail2bandefence in depthshift-left securitycloud securitycareersystems-thinkinglearningcloudCloudArchitectureSecurityLab
Latest Post
5 min read

Ansible Idempotency in Practice

Run it again. If anything changed, you have a problem. What idempotency actually means when you apply a playbook to a live system — and the specific places it breaks without warning.

AnsibleDevOpsinfrastructureidempotency
Read Post
3 min read

"No Errors" Is Not the Same as "It Works"

A deployment succeeded. The pipeline went green. The app returned 403. This is the story of two projects, one hard lesson, and why verification is a distinct step from deployment — and where production incidents actually live.

AnsibleDevOpsCI/CD
9 min read

Secure the Ground Before You Build the Pipeline — Linux Hardening for DevOps Engineers

Most DevOps engineers spend serious effort on CI/CD security controls and almost none on the Linux hosts those pipelines run on. If the ground is soft, the pipeline controls do not hold. Here is what host hardening actually looks like — and how it reinforces everything above it.

LinuxhardeningDevSecOps
9 min read

Why DevOps and Security Keep Fighting (And How to Stop It)

The friction between DevOps and security teams is structural, not personal. It comes from misaligned incentives — and the fix is not compromise, it is integration. Here is what shift-left security actually looks like in practice, from someone who has lived on both sides.

DevSecOpsshift-left securityCI/CD
Blog | Sonny Enchill