Updated · May 2026

Now.

A snapshot of where my attention is. Inspired by the /now movement.

SHIPPING

SOC & SOAR work

Day-to-day at IT Audit Labs: SOAR playbook design, alert triage, and detection engineering across a multi-tenant SOC.

Cortex XSOAR Azure / Intune Rapid7

BUILDING

Edge-native side projects

Continuing client work on Cloudflare Workers + Durable Objects. Pulling lessons from production back into reusable patterns.

Astro Hono D1 DO

LEARNING

Detection engineering depth

Going deeper into Cortex XSIAM, detection-as-code patterns, and pairing SIEM signal with SOAR response. Recent reading on browser-extension threat surface (see writing).

WRITING

Sharing what I find

Publishing on the IT Audit Labs blog when I hit something the community would benefit from. Latest: browser extensions as a quiet SSO bypass vector.

⚜ this page changes · check back ⚜

If you're reading this months from now, the page is probably stale. Ping me for a current snapshot.