Cloud Security Research  ·  Detection Engineering  ·  AI Security

Security research from the practitioner's perspective.

10 years in cloud security. Built detection systems, investigated real incidents, and spent a lot of time in the gap between what security tools validate and what business workflows actually require.

AI Security · CNAPP · CSPM · CIEM · Detection Engineering · Incident Response · Zero Trust · Email Security · AWS · Azure · GCP
Securing the Claude Enterprise M365 Connector: What the Permission Model Doesn't Tell You
The connector is read-only and delegated. That framing is accurate and insufficient. The gaps are in aggregation behaviour, token persistence, tenant-wide search scope, and the DM surface most security reviews never look at.
Building an Insider Threat Detection Program for Employee Offboarding in Microsoft Sentinel
Dynamic watchlist, ten KQL analytics rules covering every exfiltration and persistence path, alert fusion, monitoring workbook, and RBAC isolation — a complete detection program for the offboarding risk window.
Two Look-Alike Domains. One Email Man-in-the-Middle. Nobody Noticed Until It Was Too Late.
A full email man-in-the-middle attack in which the two companies kept corresponding with each other throughout the entire incident, neither side realising its messages were being relayed. SPF passed. DKIM passed. DMARC passed. Here is why.
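The reason all three checks pass in that scenario is worth seeing in code. SPF, DKIM and DMARC answer "is this message genuinely from the domain in the From: header?", and an attacker who registers a look-alike domain and sets up its own SPF record and DKIM key is genuinely sending from that domain. DMARC's alignment test only compares the From: domain with the domain that authenticated; nothing asks whether that domain is the one you expected to hear from. The script below, an added example that is not part of the original post, implements a relaxed DMARC alignment check next to a look-alike check against a list of known partner domains. The partner list, the message headers and all domain names in it are constructed for illustration.

```python
"""Relaxed DMARC alignment beside a look-alike partner-domain check.

Constructed example: TRUSTED and MESSAGES are invented for illustration.
"""

# Substitutions attackers commonly use because they look alike in many fonts.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
               "rn": "m", "vv": "w", "cl": "d"}

TRUSTED = ["acme-supply.com", "contoso-legal.com"]  # constructed partner list

# Constructed header summaries: what Authentication-Results would report.
MESSAGES = [
    # Real partner: everything passes and nothing is flagged.
    {"from_domain": "acme-supply.com", "dkim_d": "acme-supply.com", "dkim_pass": True,
     "spf_domain": "acme-supply.com", "spf_pass": True},
    # Look-alike ("rn" for "m"): attacker owns the domain, so everything passes too.
    {"from_domain": "acrne-supply.com", "dkim_d": "acrne-supply.com", "dkim_pass": True,
     "spf_domain": "acrne-supply.com", "spf_pass": True},
    # Classic spoof of the real domain via an unrelated sender: DMARC fails.
    {"from_domain": "acme-supply.com", "dkim_d": "bulk-sender.example", "dkim_pass": True,
     "spf_domain": "bulk-sender.example", "spf_pass": True},
]


def registrable(domain: str) -> str:
    """Crude registrable-domain extraction (last two labels).
    Production code should use a Public Suffix List library instead."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def dmarc_alignment(from_domain, dkim_d=None, dkim_pass=False,
                    spf_domain=None, spf_pass=False, relaxed=True) -> bool:
    """DMARC passes when an authenticated identifier aligns with From:.
    Relaxed mode compares registrable domains; strict needs an exact match.
    Note what is absent: no comparison with any list of expected senders."""
    def aligned(d):
        if d is None:
            return False
        if relaxed:
            return registrable(d) == registrable(from_domain)
        return d.lower() == from_domain.lower()
    return (dkim_pass and aligned(dkim_d)) or (spf_pass and aligned(spf_domain))


def skeleton(label: str) -> str:
    """Collapse confusable substitutions so 'acrne' and 'acme' compare equal."""
    s = label.lower()
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches single typos such as 'acme-suply'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender_domain: str, trusted, max_distance: int = 2):
    """Return the trusted domain the sender imitates, or None.
    Exact registrable matches are legitimate; near matches on the first label
    (confusable skeleton or small edit distance) and TLD swaps are flagged."""
    s = registrable(sender_domain)
    trusted_reg = [registrable(t) for t in trusted]
    if s in trusted_reg:
        return None
    s_label = s.split(".")[0]
    for t in trusted_reg:
        t_label = t.split(".")[0]
        if skeleton(s_label) == skeleton(t_label) or levenshtein(s_label, t_label) <= max_distance:
            return t
    return None


def triage(msg, trusted=TRUSTED) -> dict:
    """Combine both answers: DMARC says 'authentic', the look-alike check says 'expected'."""
    return {
        "from": msg["from_domain"],
        "dmarc_pass": dmarc_alignment(msg["from_domain"], msg.get("dkim_d"),
                                      msg.get("dkim_pass", False), msg.get("spf_domain"),
                                      msg.get("spf_pass", False)),
        "imitates": lookalike_of(msg["from_domain"], trusted),
    }


if __name__ == "__main__":
    for m in MESSAGES:
        print(triage(m))
```

The second message is the interesting row: `dmarc_pass` is True and `imitates` is `acme-supply.com`, which is exactly the gap the post describes. Two caveats before lifting this into a mail gateway: an edit distance of 2 over-flags short labels, so scale the threshold with label length or restrict it to partners you actually exchange invoices with, and the registrable-domain helper is deliberately naive; use a Public Suffix List implementation so `example.co.uk` is handled correctly.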

About

Cloud security engineer with 10 years of experience across cloud security, CNAPP, CSPM, CIEM, CWPP, and KSPM. Previously built detection systems at scale: over 2,500 rules across AWS, Azure, and GCP, mapped to compliance frameworks including CIS, NIST, PCI DSS, and GDPR, and to the MITRE ATT&CK knowledge base.

Currently focused on AI security, cloud security posture, and detection engineering. Writing about real incidents, real detections, and the architectural gaps that make both possible.

AI Security & LLM Risk
Cloud Security Posture Management
Detection Engineering & SIEM
Identity & Access (CIEM)
Kubernetes Security (CKS)
Incident Response & Forensics
Microsoft Sentinel · KQL
AWS · Azure · GCP