Monthly Archives: May 2026

Building a YouTube Statistics Tracker at 35,000 Feet

I was flying home from a security conference in Boston on a Friday evening, enjoying an unexpected complimentary upgrade to business class, listening to Dungeon Crawler Carl, and reflecting on some of the conversations I had over the previous few days. During one of those conversations, I had confidently stated that a YouTube channel I…

Sentinel TVM Snapshot Data Connector V2

Why I Started Building This

Several weeks ago, I set out to create a proper Microsoft Defender Vulnerability Management (TVM) data connector for Microsoft Sentinel. What started as a relatively simple side project turned into a much larger effort involving API comparisons, ingestion architecture, scaling limitations, and a deeper understanding of how Defender exposure-management data…

Understanding Microsoft’s Growing AI Ecosystem

Over the last two years, Microsoft’s AI ecosystem has expanded incredibly fast. What initially started as a relatively straightforward launch of Microsoft 365 Copilot has rapidly evolved into a much broader platform involving enterprise grounding, semantic intelligence, multi-model orchestration, AI agents, delegated workflows, governance platforms, and enterprise AI security controls. Along the way, Microsoft has…

Securing AI Depends on How AI Is Being Used

The phrase “AI Security” is becoming increasingly difficult to define because the risks change dramatically depending on how organizations interact with AI. Sometimes employees are simply using public AI services to summarize documents or generate content. Sometimes organizations deploy enterprise copilots grounded on internal data. Increasingly, organizations are building AI workflows and agents capable of…

Authorized Access Unauthorized Destinations

Security teams are starting to use and pay closer attention to tools like MCP servers, AI agents, GitHub Copilot, VS Code integrations, and other AI-assisted operational tooling. As organizations become more familiar with these tools, it naturally raises questions around the privacy and security implications of connecting them to enterprise systems. The real issue is…

AI-Driven SOC Series Overview

What started as a simple idea, exploring how AI could support a modern Security Operations Center, has grown into a structured series that documents both real solutions and the learning journey behind them. This collection of articles is intended to walk through the evolution from traditional, deterministic automation toward more adaptive, agent-driven approaches, while sharing…

Intro and Initial Deployment of a Foundry Agent

Introduction

This series started with a simple question: what does an agentic SOC actually look like in practice? Early on, I focused on making that idea tangible. Instead of staying theoretical, I built out a working approach using Azure AI Foundry and Azure Logic Apps. The goal was not to prescribe a single “right” architecture,…

Sentinel TVM Snapshot Data Connector

This started as a straightforward idea. I wanted to get Defender Threat and Vulnerability Management (TVM) data into Microsoft Sentinel for long-term retention and dashboarding. The data potentially has value, and Sentinel is designed to ingest large volumes of security data, so on the surface it felt like something that should already exist. After building…