TAP vs SPAN — Visibility Design Tradeoffs
When to use a physical TAP, when SPAN is good enough, and why in-line bypass design decides whether your visibility layer can ever take down the production network.
Firewall Rule Recertification — A Repeatable Methodology
A practical method for fighting firewall policy entropy: usage-driven review cycles, owner re-justification, and safe, reversible decommissioning backed by data instead of nerve.
Enterprise In-Line Tapping: Gigamon + NetScout
How a packet-visibility layer was inserted into live enterprise production paths without inheriting new outage risk — the role of bypass design, aggregation, and a tested cutover.
Network Visibility at a Utility
A packet-broker fabric, Arbor edge DDoS defense, and a SIEM/SOAR pipeline — and why accurate technical inventory is the foundation that makes all of it work.
Public Cloud IAM
Identity and access management as the real control plane of the cloud. How least privilege actually breaks down at scale, role/permission boundary design, and detecting privilege drift.
Container Security
Securing containerized workloads: image provenance and scanning, runtime isolation, the network policy model inside an orchestrator, and where the old perimeter assumptions stop holding.
DevOps for MSSP Tool Stacks
Treating security tooling as code — repeatable, version-controlled deployment of the tool stacks an MSSP runs across many customers, so onboarding a client is a pipeline run, not a bespoke build.