Security operations engineer working on endpoint management at scale. These notes are about how I actually run security ops day to day — the tools, the patterns, and the things that didn’t work.
Most of what I write touches Fleet, osquery, Linux internals, and the gap between “vendor said this fixes it” and “the host actually fixed it.”
Opinions are my own.