Engineering deep dives, not tutorials.
System design, distributed systems, and production patterns for engineers who build at scale.
Latest Articles
Fresh deep dives into system design, security, and engineering.

Supply Chain Security — Protecting Your Software Pipeline
A comprehensive guide to software supply chain security. Covers SLSA framework, dependency pinning, reproducible builds, provenance verification, and lessons from real-world supply chain attacks (SolarWinds, Log4Shell, xz).

Security Ticketing and Incident Response
Build an effective security incident response process. Covers incident classification, runbooks, ticketing workflows, communication templates, and post-incident reviews — with practical examples for cloud environments.

Security Mindset for Engineers — Think Like an Attacker
Learn how to adopt a security-first mindset as a software engineer. Covers threat modeling, attack surfaces, defense in depth, and the principle of least privilege — with real-world examples from cloud environments.

Secrets Management — Vault, SSM, and Secrets Manager
A practical guide to secrets management in cloud environments. Compare HashiCorp Vault, AWS SSM Parameter Store, and AWS Secrets Manager — with implementation patterns, rotation strategies, and common pitfalls.

Penetration Testing Basics for Developers
A developer-friendly introduction to penetration testing. Covers reconnaissance, common attack vectors, tools (Burp Suite, nmap, OWASP ZAP), writing security test cases, and how to think like an attacker without being one.

OWASP Top 10 for Cloud Applications
The OWASP Top 10 through the lens of cloud-native applications. Covers how each vulnerability manifests in AWS/GCP/Azure environments, with cloud-specific attack vectors and defenses for serverless, containers, and microservices.
More Articles
Dependency Vulnerability Detection at Scale
How to detect and manage vulnerable dependencies across hundreds of repositories. Covers SCA tools (Snyk, Dependabot, Trivy), SBOM generation, vulnerability prioritization, and building an automated remediation pipeline.

Container Security — Docker and Kubernetes Hardening
A hands-on guide to securing Docker containers and Kubernetes clusters. Covers image scanning, rootless containers, network policies, pod security standards, and runtime threat detection.

Compliance Automation — SOC2 and ISO 27001
Automate compliance for SOC2 and ISO 27001 using infrastructure as code, continuous monitoring, and policy-as-code tools. Covers AWS Config, Open Policy Agent, and building evidence collection pipelines.

Building a Security Pipeline — DevSecOps in Practice
How to build a complete security pipeline integrated into your CI/CD. Covers SAST, DAST, SCA, secret scanning, infrastructure scanning, and how to shift security left without slowing down developers.

Auto-Remediation with Lambda — Fix Security Issues Automatically
Build automated security remediation using AWS Lambda, EventBridge, and Config Rules. Auto-close open security groups, revoke public access on S3 buckets, and enforce tagging — with real Lambda code examples.

Code Signing — Why and How
Understand why code signing matters and how to implement it. Covers signing Git commits, Docker images (cosign/Notary), npm packages, and building a chain of trust from developer to production.

Build a Cloud Security Scanner — Hands-On Project
Build a real cloud security scanner from scratch using Python and AWS APIs. Scan for open security groups, public S3 buckets, unencrypted volumes, overly permissive IAM policies, and generate a security report.

CloudTrail and Security Observability
How to build security observability in AWS using CloudTrail, CloudWatch, and Athena. Covers audit logging, anomaly detection, SIEM integration, and building custom security dashboards.

AWS IAM Security — Beyond Basic Roles
Deep dive into AWS IAM security best practices. Covers permission boundaries, SCPs, assume role chains, session policies, and how to audit IAM for least-privilege access in production environments.
Ready to build something together?
I take on 1-2 projects at a time. Let's talk about your next challenge.