Writing
Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.

The Files Were Deleted. The Evidence Wasn't.
Deleted files, cleared history — digital forensics rebuilt the insider threat timeline from NTFS artefacts, memory, and Windows registry entries.

The File Upload That Looked Safe — Until I Changed One Request Header
The file upload form had validation. It checked the file type, rejected anything that wasn't an image, and showed a helpful error message. The check ran entirely in the browser.

The Difference Between Finding a Vulnerability and Exploiting It Responsibly
Nmap returned the service version. I already knew the CVE. The exploit was in Metasploit. I did not run it yet. Here is what comes between finding a vulnerability and proving it is real.

What a Network Intrusion Actually Looks Like in Security Onion
The alert fired. Here is what came next — a walkthrough of a ransomware intrusion investigation in Security Onion, from IDS alert triage through log correlation to a coherent incident timeline.

How I Rebuilt My Technical Career — In Public, With Evidence
19 years in IT. Redundancy. A choice: retrain quietly, or build everything in the open and let the work speak. This is what building in public actually looks like — and why a portfolio beats a CV every time.

Secure the Ground Before You Build the Pipeline — Linux Hardening for DevOps Engineers
Most DevOps engineers spend serious effort on CI/CD security controls and almost none on the Linux hosts those pipelines run on. If the ground is soft, the pipeline controls do not hold. Here is what host hardening actually looks like — and how it reinforces everything above it.

What 19 Years in IT Taught Me About Cybersecurity, Cloud, and DevOps
After 19 years in enterprise IT — the last decade owning cybersecurity posture, cloud transformation, and IT governance for a regulated financial services organisation — here is what actually transfers, and why the combination is rare.

Setting Up Security Onion — What I Learned
A practical walkthrough of deploying Security Onion as a SIEM and IDS platform for the first time — what worked, what didn't, and what every SOC analyst candidate should understand before sitting in front of it.