Notes from the field
Writing on cloud, DevOps, security, and AI engineering, informed by what actually goes wrong in production.
Security
Microsoft Entra ID PIM: a practical setup that doesn't break the team
Privileged Identity Management is one of the highest-leverage security upgrades you can make. Here's how I roll it out without grinding admin work to a halt.
December 16, 2025 4 min read
Security, Featured
Key Vault RBAC vs Access Policies: migrate now, your future self will thank you
Azure Key Vault has two permission models. One is the future, one is the past, and most of us are still using the past. Here's how to switch.
November 4, 2025 3 min read
Security, Featured
Conditional Access policies every Entra ID tenant should have
A baseline set of Conditional Access policies that block 80% of identity attacks — without becoming a productivity drag for your users.
September 9, 2025 3 min read
Security, Featured
Hardening a new Azure subscription: my first-10-settings checklist
The first ten things I configure on every new Azure subscription before any workload goes near it. Identity, policy, monitoring, and the things teams forget until it's too late.
August 12, 2025 3 min read