-
Cost Governance Is a Security Control
Microsoft's reference solution for VM start/stop automation wants Contributor on every subscription. That's not a governance gap — it's a lateral-movement path. Here's how a tag-based scheduler with a 6-action...
-
Governing AI Capacity as Code: Security Copilot and Azure OpenAI
Standing AI capacity is both a budget leak and an attack surface. Here's how I deploy Microsoft Security Copilot and Azure OpenAI as Bicep — with a provision-one-then-zero pattern that...
-
Zero-Trust Edge: Azure Front Door to APIM to Private AKS
Most zero-trust demos have gaps. Here's an edge architecture that closes them — AFD Premium with WAF in Prevention mode, APIM locked to the Front Door instance by header, and...
-
Verifiable Identity and Passwordless Onboarding with Entra Verified ID
A full employee onboarding portal built on Entra Verified ID, FIDO2, and manager approval — plus the mid-build pivot from App Service to Container Apps, and why Container Apps was...
-
Information Protection as Code: Automating Data Governance at Scale
Data governance dies in the gap between a taxonomy everyone agreed to in a meeting and the portal clicks nobody audits. Here's how treating labels and controls as code —...
-
Detection-as-Code: Sentinel CI/CD, Then and Now
In 2021 I wrote Sentinel detections by typing KQL into a browser and hitting save. In 2026 every rule is Bicep, syntax-validated in CI, and deployed over OIDC. Here's the...
-
Azure Landing Zones as Code: Governing the Cloud at Machine Speed
How I rebuilt enterprise Azure governance as Bicep IaC with per-module what-if gating, OIDC, and an AI pair-programmer.
-
Shipping Security at Machine Speed: My AI-Accelerated DevSecOps Journey
Kicking off a series on rebuilding a security + cloud practice around AI agents — and shipping real DevSecOps at a pace that wasn't possible before.
-
Project Glasswing & Mythos: What Microsoft's Guidance Means for the Rest of Us
Breaking down Microsoft's 5-domain guidance for organizations in the wake of Project Glasswing and Anthropic's Claude Mythos
-
No Phone?
Why I'm not answering your emails
-
Detecting Suspicious Login Activity for Service Principals in Azure Active Directory
This post explains the reasoning behind a Microsoft Sentinel rule to detect Service Principals logging in from IPs they haven't used before
-
CI/CD for ASIM functions in Microsoft Sentinel
Keeping ASIM functions up-to-date with GitHub Actions
-
Writing Sentinel Analytics Rules to Detect Anomalies
A tutorial on writing Sentinel rules in KQL with dynamic thresholds for detections
-
Edmond Public Schools Server Exposing Potentially Vulnerable Services to Internet Since 2019
Edmond Public Schools has been running a server exposing WinRM & RDP to the Internet since January 2019
-
Selected Microsoft Ignite 2020 Announcements
A curated list of Ignite 2020 announcements
-
Alexa, Secure My Home Network
Presentation at Infragard OK March 2018 Meeting
-
SSH Key & TOTP Authentication
Two-factor SSH for extra security
-
Network Footprinting Workbook
Information Warfare Summit 10 Workshop
-
Information Warfare Summit 9 Presentation
Wi-Fi Security
-
Managing a Microsoft PKI with SharePoint
Monitor something no one understands with something no one likes...
-
Information Warfare Summit 8 Presentation
Basic Malware Analysis