Version control, CI testing, and ATT&CK coverage mapping turned a folder of SIEM rules into an engineering discipline. What changed, what it cost, and what I would do differently.
Lessons from building ML-assisted detection in production: the places machine learning genuinely moves the needle, and the places it quietly makes things worse.
What leading ransomware, BEC, and cloud-intrusion investigations teaches you that no certification covers — about evidence, people, and the decisions that actually shorten an incident.
Building a Terraform-provisioned hybrid lab where Zeek and Suricata telemetry feeds machine-learning detection models — and what it teaches about validating detections before they ship.
Three years of running a Raspberry Pi NIDS: Snort3 detections shipped via Filebeat into a self-hosted Elastic SIEM, with the tuning lessons that came with it.
Building an anomaly-based IDS for UNIX systems at the KCL Secure Systems Lab — from strace captures to a probabilistic model that caught a stack-based buffer overflow.