What this is
Security workflows I've built and actually use — cloud forensics, threat hunting, incident response. Practical stuff, not theory.
How I approach it
- Show the full picture. Explain the context, walk through configuration, verify it works.
- Document decisions. Trade-offs, gotchas, and why I chose one approach over another.
- Make it repeatable. If a teammate can't run this tomorrow, it's not ready.
What you'll find
- Email security — authentication controls (SPF, DKIM, DMARC), phishing analysis, evidence preservation
- Cloud & identity — Azure forensics, container workflows, least-privilege patterns
- Detection engineering — honeypot setups, log aggregation pipelines, alert tuning
- Incident response — PCAP analysis, malware triage, repeatable investigation workflows
Most posts work standalone. When a sequence helps, I link them. Every post includes working examples and the reasoning behind them.
Currently working on
- Refining detection rules to maximize signal and minimize false positives
- Building agent-assisted IR workflows to reduce manual triage time
- Expanding cloud forensics coverage (AWS, GCP alongside Azure)
See something wrong or have suggestions? Let me know. This site evolves as I learn.