I’ve been in tech long enough to wear every “admin” hat. Sys admin, network admin, security admin…I used to joke, “I don’t want to be an admin anymore!” But in tech, your title never matches your actual work…the scope creep is real.
Through all the roles, security was naturally baked into everything I did. Networks were segmented and ACL’d where possible. Patching was a priority. Role-based access… I put that s*&% on everything. (Frank’s Red Hot).
In my sys admin days, I got really into PowerShell. I was scripting everything I could… my stuff, their stuff…didn’t really matter. I loved that processes were being standardized, outputs were expected, and that I was either speeding up workflows or making someone’s job easier. Thats the stuff that got me out of bed in the morning.
At some point, I knew I wanted to go deeper on the security side. The stars aligned and I landed a security-focused role. They were looking for someone with scripting experience…the glove fit. I went from writing audit scripts, to full runbooks, to eventually building platforms to manage security controls.
Through all of it, my security engineering efforts have moved from local, to SaaS posture management (SSPM, CSPM, ASPM, DSPM…all the PM’s…), to cloud where I now live and love. Cloud encompasses literally everything. Networking, compute, storage, AI, Kubernetes, pipelines…it keeps you busy.
And that’s what this blog is all about. Real-world stuff. Misconfigs I’ve seen, scripts that help, and breakdowns of what cloud security looks like in practice. I want to share the things I’ve built, broken, and learned along the way.