So what's all this then?
I figured I'd take a stab at writing a simple blog for the same reason why a lot of people write blogs, produce podcasts, or develop other media. While there is a LOT of great information security content out there, sometimes it doesn't speak for me: Doing InfoSec at an SMB (no, the OTHER SMB) - a small to medium sized business. An Information Security Program where dedicated security staff headcount is in single digits and where things like "dedicated internal red team", "SANS courses passed out like candy" or "absolute best of breed tools in every corner of our environment" are fantasy. Your definition of "Small to medium" will of course vary. I consider my organization to be well funded considering it's size, and some of the content I plan to post relates to the security stack of this company called Microsoft. No, seriously: Defender for Endpoint, Azure Sentinel and other tools have been immensely helpful to me while I've ...