TLDR; What I love about technology and cyber security, is that there is always so much to learn, endless terrain to explore and challenges to solve! Like the CISSP cert, you can go a mile wide and a few centimeters deep, or explore more extensively in a limited arena. The field is an endless journey of discovery, where creative solutions are constrained only by time and our imagination. This is part of my journey -- to devise, elucidate, understand, and catalog creative solutions and resources that contribute to the community, help solve problems, and when appropriately applied, provide customer value and competitive advantage. Perhaps it's a bit like working to establish a cistern that allows us to capture fresh input as it is created, drawing upon, and returning as we need a refresher.

Cloud Architect : Cloud (primarily AWS)-related tools, and information. Let's explore basic things like auto-scaling infrastructure via code (IaC), configuring services that provide automation and DevOps value (bearing in mind Jonathan Smart's admonition that the order should be People, Process, then Tooling), IAM best practices, and K8s vs EKS deployment.


  • DevSecOps: Incubating Development Secure Operations information, working to answer the question: how do we use secure coding paradigms that shift processes left, reduce our reliance on post-production triage, and infuse our organizations with the mentality of security as a business driver, rather than cost center or through-put reducer.

  • Zero-Trust: Zero-Trust information and resources. We define what ZT is, how to adopt a ZT mindset, and guiding principles. Plus articles, books, and examples.


  • CISSP-study-resources: in this repo, I'm (still) in the process of breaking down the CISSP information by domains (1-8).

  • Security+ resources: coming-soon.