Practical writing from the work — vulnerability management, compliance engineering, and incident response in regulated EU environments.
Vulnerability management: Around 3,000 CVEs are published every month and only a small fraction are ever exploited. How CISA KEV and EPSS turn an impossible patching backlog into a short, defensible priority list.
Compliance engineering: Who is in scope, the 24-hour and 72-hour incident reporting cascade, the ten baseline security measures, management liability, and where to start.
Identity security: Killing legacy authentication, Conditional Access done right, phishing-resistant MFA for admins, break-glass accounts, app consent, and privileged role hygiene.
Compliance engineering: What to log, how long to keep it, daily review, time sync, and log integrity — and how to generate the evidence continuously instead of before the audit.
Detection engineering: The honest economics of SIEM: why licensing is the smaller cost, where in-house deployments stall, and the questions that cut through vendor noise.
Incident response: Scoping with message trace, purging delivered mail, blocking the wave, finding who clicked, and containing compromised accounts.
Pipeline security: Why API keys end up in git history, the three layers of secrets scanning that work, the first hour after a leak, and how short-lived credentials shrink the problem.