Posts

I spend my evenings doing Hack The Box challenges and CTF competitions. Not because I want to become a pentester — I’m happy in platform engineering. But because the skills I learn there make me significantly better at my day job. This isn’t obvious at first. What does pwning a vulnerable web app have to do with running Kubernetes clusters? More than you’d think. Forensics and offensive security train you to think about systems differently. You learn to investigate, to trace, to understand what’s actually happening rather than what should be happening. And that mindset — plus the tooling — is exactly what you need when debugging production issues at 3 AM. ...

“So what’s the difference between a container and a virtual machine?” I get this question a lot. And the answer usually involves terms like “hypervisor,” “kernel sharing,” and “hardware abstraction” — which just creates more questions. But there’s actually a deeper question lurking here: what’s the difference between simulation, emulation, virtualization, and containerization? These four concepts are often confused, but they’re fundamentally different approaches to solving the same problem: running something in an environment it wasn’t originally designed for. ...

“So what exactly is this zero trust thing everyone keeps talking about?” I get this question a lot. Usually from managers, executives, or anyone who has to approve security budgets without a technical background. And honestly, most explanations I’ve seen are terrible. They’re either drowning in jargon or so oversimplified they’re useless. So here’s my attempt at a metaphor that actually works. One that I’ve used successfully to explain zero trust to my parents, to executives, and to that one colleague who still thinks the firewall is “the internet box.” ...

I have a confession: I spent years perfecting my dotfiles. Custom vim mappings, tmux prefix changed to Ctrl+a, fancy shell prompts, aliases for everything. My setup was perfect. And then I SSH’d into a production server to debug an issue, and I was useless. No custom mappings. No plugins. No aliases. Just vanilla vim with its default keybindings that I had completely forgotten. I fumbled around, couldn’t remember how to do basic navigation, and felt like a complete beginner. ...

I’ve been using the same .zshrc for years. And my .vimrc. And my tmux config. Over time they’ve grown into a carefully tuned system that does exactly what I want. The problem: I have multiple machines. A laptop, a desktop, sometimes a VM for testing. And keeping everything in sync was always… improvised. Finding the right dotfile management solution took me years. I tried everything. And I mean everything. The Long Search It started with the classic: a bare git repo in my home directory. git init --bare ~/.dotfiles, some aliases, done. It works, but it’s fragile. One wrong git clean and you’ve nuked your configs. And good luck with machine-specific settings. ...