Blog
Writing
Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.
AllDevOpsCI/CDDevSecOpsSOCAnsibleinfrastructurecybersecuritypipeline securityCybersecuritySecurity OnionSIEMdevopsidempotencyLinuxsecurityAWSIncident ResponseZeekSuricataIaCAutomationAzureNginxlinuxubuntupythonmigrationautomationcareer transitionbuilding in publiccloud infrastructureportfolioproductionhardeningSSHauditdfail2bandefence in depthshift-left securitycloud securitycareersystems-thinkinglearningcloudCloudArchitectureSecurityLab
Latest Post
3 min read
The Dependency You Forgot You Had
France is migrating 2.5 million government workstations to Linux. I migrated one Python app. The OS switch was the easy part.
linuxubuntupythonmigration
Read Post
5 min read
Ansible Idempotency in Practice
Run it again. If anything changed, you have a problem. What idempotency actually means when you apply a playbook to a live system — and the specific places it breaks without warning.
AnsibleDevOpsinfrastructure
9 min read
Secure the Ground Before You Build the Pipeline — Linux Hardening for DevOps Engineers
Most DevOps engineers spend serious effort on CI/CD security controls and almost none on the Linux hosts those pipelines run on. If the ground is soft, the pipeline controls do not hold. Here is what host hardening actually looks like — and how it reinforces everything above it.
LinuxhardeningDevSecOps