Skip to main content

Blog

Writing

Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.

AllDevOpsCI/CDDevSecOpsSOCAnsibleinfrastructurecybersecuritypipeline securityCybersecuritySecurity OnionSIEMdevopsidempotencyLinuxsecurityAWSIncident ResponseZeekSuricataIaCAutomationAzureNginxlinuxubuntupythonmigrationautomationcareer transitionbuilding in publiccloud infrastructureportfolioproductionhardeningSSHauditdfail2bandefence in depthshift-left securitycloud securitycareersystems-thinkinglearningcloudCloudArchitectureSecurityLab
Latest Post
3 min read

"No Errors" Is Not the Same as "It Works"

A deployment succeeded. The pipeline went green. The app returned 403. This is the story of two projects, one hard lesson, and why verification is a distinct step from deployment — and where production incidents actually live.

AnsibleDevOpsCI/CDproduction
Read Post
9 min read

Why DevOps and Security Keep Fighting (And How to Stop It)

The friction between DevOps and security teams is structural, not personal. It comes from misaligned incentives — and the fix is not compromise, it is integration. Here is what shift-left security actually looks like in practice, from someone who has lived on both sides.

DevSecOpsshift-left securityCI/CD
5 min read

AWS Three-Tier Architecture — The Design Decisions That Matter

Beyond the diagram: the specific design decisions behind a production-grade AWS three-tier deployment — why internal ALBs, why private subnets for RDS, and what actually validates that your architecture is secure.

AWSCloudArchitecture
Blog | Sonny Enchill