Engineering deep dives, not tutorials.
System design, distributed systems, and production patterns for engineers who build at scale.
Latest Articles
Fresh deep dives into system design, security, and engineering.

AI Video Generation in 2025 — Models, Costs, and How to Build a Cost-Effective Pipeline
A comprehensive guide to AI video generation models — Sora, Veo 2, Kling, Runway Gen-3, Hailuo AI, Pika, and open-weight alternatives — covering per-second pricing, quality comparisons, and production strategies that cut costs by 80% using model tiering, image-to-video workflows, and smart stitching.

AI Models in 2025 — Cost, Capabilities, and Which One to Use
A comprehensive comparison of AI models from Anthropic, OpenAI, Google, Meta, Mistral, and DeepSeek — covering pricing, capabilities, context windows, and which model is the best fit for every use case.

AI Image Generation in 2025 — Models, Costs, and How to Optimize Spend
A comprehensive guide to AI image generation models — DALL-E 3, GPT Image 1, Imagen 3, Stable Diffusion, FLUX, and Midjourney — covering per-image pricing, quality comparisons, and strategies to cut costs by 10-20x with batching, caching, model routing, and draft-refine workflows.

AI Agents Demystified — It's Just Automation With a Better Brain
A grounded, no-hype take on AI agents. They're not magic — they're the same automation patterns we've been building for decades (cron jobs, pipelines, state machines), except the if/else decision engine is replaced by an LLM that can handle ambiguity. Here's what's actually new, what isn't, and how to build agents without the buzzword fog.

AI Coding Assistants in 2025 — Every Tool Compared, and Which One to Actually Use
A deep comparison of AI coding assistants — GitHub Copilot, Cursor, Claude Code, Aider, Windsurf, Continue, Cody, Supermaven, and Devin — covering features, pricing, architecture, and which tool wins for each workflow.

Supply Chain Security — Protecting Your Software Pipeline
A comprehensive guide to software supply chain security. Covers SLSA framework, dependency pinning, reproducible builds, provenance verification, and lessons from real-world supply chain attacks (SolarWinds, Log4Shell, xz).
More Articles
Security Ticketing and Incident Response
Build an effective security incident response process. Covers incident classification, runbooks, ticketing workflows, communication templates, and post-incident reviews — with practical examples for cloud environments.

Security Mindset for Engineers — Think Like an Attacker
Learn how to adopt a security-first mindset as a software engineer. Covers threat modeling, attack surfaces, defense in depth, and the principle of least privilege — with real-world examples from cloud environments.

Secrets Management — Vault, SSM, and Secrets Manager
A practical guide to secrets management in cloud environments. Compare HashiCorp Vault, AWS SSM Parameter Store, and AWS Secrets Manager — with implementation patterns, rotation strategies, and common pitfalls.

OWASP Top 10 for Cloud Applications
The OWASP Top 10 through the lens of cloud-native applications. Covers how each vulnerability manifests in AWS/GCP/Azure environments, with cloud-specific attack vectors and defenses for serverless, containers, and microservices.

Penetration Testing Basics for Developers
A developer-friendly introduction to penetration testing. Covers reconnaissance, common attack vectors, tools (Burp Suite, nmap, OWASP ZAP), writing security test cases, and how to think like an attacker without being one.

Dependency Vulnerability Detection at Scale
How to detect and manage vulnerable dependencies across hundreds of repositories. Covers SCA tools (Snyk, Dependabot, Trivy), SBOM generation, vulnerability prioritization, and building an automated remediation pipeline.

Compliance Automation — SOC2 and ISO 27001
Automate compliance for SOC2 and ISO 27001 using infrastructure as code, continuous monitoring, and policy-as-code tools. Covers AWS Config, Open Policy Agent, and building evidence collection pipelines.

Code Signing — Why and How
Understand why code signing matters and how to implement it. Covers signing Git commits, Docker images (cosign/Notary), npm packages, and building a chain of trust from developer to production.

CloudTrail and Security Observability
How to build security observability in AWS using CloudTrail, CloudWatch, and Athena. Covers audit logging, anomaly detection, SIEM integration, and building custom security dashboards.