Notes from the field
Writing on cloud, DevOps, security, and AI engineering, informed by what actually goes wrong in production.
Defender for Cloud: cutting through the noise
Microsoft Defender for Cloud surfaces a lot. Here's how I prioritize so the team acts on what matters and ignores the rest, without drowning in tickets.
Microsoft Sentinel for small teams: getting real value without a SOC
You don't need a 24/7 security operations center to get value from Sentinel. Here's how a small team can deploy it pragmatically and actually use what they collect.
Securing AI endpoints: PII, prompt injection, and output filtering
Three categories of attack on production LLM endpoints and the defensive patterns that actually work in practice.
Microsoft Entra ID PIM: a practical setup that doesn't break the team
Privileged Identity Management is one of the highest-leverage security upgrades you can make. Here's how I roll it out without grinding admin work to a halt.
Key Vault RBAC vs Access Policies: migrate now, your future self will thank you
Azure Key Vault has two permission models. One is the future, one is the past, and most of us are still using the past. Here's how to switch.
Federating GitHub Actions to Azure with OIDC — no more client secrets
A walkthrough of how to deploy from GitHub Actions to Azure without storing a client secret anywhere. Faster, safer, easier to rotate.
Hardening a new Azure subscription: my first-10-settings checklist
The first ten things I configure on every new Azure subscription before any workload goes near it. Identity, policy, monitoring, and the things teams forget until it's too late.