You’ve probably found me from LinkedIn.

That’s where I’ve been sharing most of my thoughts, stories, and lessons from the SOC and IR world—what works, what doesn’t, and how we can do this work better.

But I wanted a space that wasn’t limited by the platform.

A place where I could go deeper.

Where posts wouldn’t get buried in the feed after 24 hours.

Where I could build something more lasting with people who actually care about this work.

Substack was the answer I came up with.

If you’ve ever liked what I shared about how to build a functional SOC, how to run real incident response, or how to avoid the common failures we see across teams, this is the place to keep up with it.

I’ll be using this newsletter to share deeper insights into how we do SOC and IR right—from detection engineering to post-incident reporting to team structure and tooling.

If that sounds good to you, hit subscribe.