/ writing · 04 posts
Notes on detection and operations.
Practical writing on SOC work — detection engineering, shift leadership, and the tools that support both. No hot takes; just what I've seen work.
/ series · 04
Recurring threads.
Most writing here lives in one of these threads. Subscribe to a single series via RSS or all of them at /rss.xml.
Investigations · 00
End-to-end walkthroughs of synthetic SOC alerts — what I checked, why, and what closed it.
View thread →

Attack Walkthroughs · 01
Step-by-step technique breakdowns: how a TTP works, what telemetry catches it, and where detections fail.
View thread →

Cybernews · 00
My read on the week's big security news — what changed, what to do about it.
View thread →

Project Notes · 02
Build logs and deep dives on the tooling I ship — design decisions, tradeoffs, lessons.
View thread →