Allowlisting before EDR: block the predictable, detect the rest
The attacker top 10 hasn't changed in a decade — predictable threats are preventable. Why application allowlisting belongs in front of your EDR, not behind it.
cybersecurity · hybrid cloud · grc
Computer enthusiast in Vancouver, BC. Enterprise infrastructure and security work, documented in public.
This site is my knowledge aggregator — a public record of explorations, experiments, and the occasional guide. Posts document what I was thinking at the time; some of it will age, all of it is a reference point.
Off the clock it's projects, time permitting — but mostly family.
How attackers get into enterprise environments — and how to keep them out. Defense in depth, endpoint protection, security posture over theory.
Enterprise infrastructure across on-premises and cloud. The unglamorous plumbing that keeps organizations running.
Translating security frameworks into operational reality — policies, audits, and risk decisions that hold up outside the binder.
A pre-auth Windows Netlogon stack overflow (CVSS 9.8), exploited in the wild — why the popular Defender hunt watches the wrong port, and KQL for the real CLDAP path.
This site is now fully Cloudflare-native: Astro prerendered to static HTML, served as Worker assets from the edge, with a live API route in the same deployment.