Gödel, Escher, Bach — A Timeless Meditation on Minds, Patterns, and the Infinite
A deep dive into Douglas Hofstadter’s masterpiece and its uncanny relevance in 2025’s AI landscape — exploring strange loops, consciousness, and the infinite...
Blog Archive
2025
Musings on Antifragile
Some nights I feel like Taleb has stolen my voice, sharpened it with Mediterranean salt, and thrown it back at me. A reflection on chaos, growth, and learnin...
IPO-Ready Security for Distributed Systems: A Friendly, Thorough Guide
A crisp, hands-on playbook to make security the default across web, mobile, APIs, and cloud—built for a Node on ECS + middleware on EKS stack—and to spot iss...
Crypto-Shredding in Practice: Field-Level Encryption with Vault Transit at Scale
A candid build-and-ship story: why we moved to field-level encryption, how Transit fits, the migration that didn’t melt the pager, and the outage that made u...
Designing Security into Distributed Systems: A Friendly, Thorough Guide
What distributed systems are, why we build them, where the risks hide, and how to make security the default—explained crisply, like you and I are whiteboardi...
Defense in Depth for Cloud Native Infrastructure
Code → Container → Compute → Cluster → Cloud → CDN
Architecting Security for Products & Distributed Platforms
Threat Modeling for Products & Distributed Systems
Eliminating Tech Debt: Automated Dependency Updates & Code Refactoring
Renovate and OpenRewrite
Securing Multi-Cloud Networks: From Immediate Controls to Zero Trust
A phased, product-centric approach to securing multi-cloud network — from immediate threat mitigation to zero trust adoption.
BYOK and Crypto Shredding for Compliance-Driven Data Protection
An architect’s blueprint for implementing Bring Your Own Key (BYOK) and Crypto Shredding to meet stringent security and compliance requirements.
Owasp Top 10
layout: post title: “Eliminating the OWASP Top 10: Code First Perspective” date: 2025-08-13 categories: [security] tags: [owasp, secure-coding, threat-mod...
eBPF in Action: Service Mesh, Runtime Threat Detection, and API Defense
How eBPF enables sidecarless service meshes, real-time runtime threat detection, and API-level defenses directly in the kernel.
Raw CNAPP Data: Why It Matters and the Future of Cloud Security Analytics
Raw CNAPP exports can cut costs, speed compliance fixes, and accelerate breach response — if you control the query layer.
2024
Buildkite Secure CI/CD Pipeline for Go Microservices
A comprehensive, security-first CI/CD pipeline for deploying Go microservices using Buildkite and Minikube, demonstrating end-to-end security automation and ...