Declarative infrastructure for compliance and certification

Declarative Infrastructure as Compliance Documentation: Talos, NixOS, and Audit-Ready Systems

Here’s how an ISO 27001 audit usually goes. Weeks before the auditor shows up, someone starts collecting screenshots. Configuration panels, firewall rules, a dashboard showing patches applied. Then come the Word documents describing what the systems are supposed to do. Then the change tickets, dug out of a ticketing system, each one referencing a vague “server maintenance” that nobody can fully reconstruct six months later. Everyone treats this as the cost of doing business. I did too, for years. ...

March 23, 2026 · 9 min read · Tom Meurs
Talos Linux immutable Kubernetes operating system

Talos Linux: The Immutable Kubernetes OS That Changed How I Think About Nodes

Here is how most of us run Kubernetes nodes. You install a general-purpose Linux distro, harden it with a CIS benchmark script, add an SSH key, set up a config management tool to keep drift in check, and then spend the next two years SSH-ing in to fix the things the config management tool didn’t catch. Every node is a little snowflake with its own history. We’ve accepted this as normal. ...

March 11, 2026 · 8 min read · Tom Meurs
CTF and forensics skills for DevOps engineers

CTF and Forensics Skills That Make You a Better DevOps Engineer

A production server is misbehaving at 3 AM. You SSH in. Now what? The engineers who stay calm here are the ones who already know the next ten commands by heart, because they have run this exact loop a hundred times before, just with the word “flag” instead of “incident.” I spend my evenings doing Hack The Box challenges and CTF competitions. I have no plans to become a pentester. I like platform engineering. The reason I keep at it is that the skills carry straight into my day job, and the carryover is bigger than it sounds. ...

February 27, 2026 · 10 min read · Tom Meurs
Zero trust security explained with hotel metaphor

Zero Trust Explained: The Hotel Key Card Metaphor

“So what exactly is this zero trust thing everyone keeps talking about?” I get this question a lot. Usually from managers, executives, or anyone who has to approve a security budget without a technical background. And most explanations I have seen are terrible. They either drown you in jargon or sand the concept down so far that nothing useful is left. So here is the metaphor I reach for instead. I have used it to explain zero trust to my parents, to executives, and to that one colleague who still calls the firewall “the internet box.” It works because it starts with something everyone has touched: a hotel key card. We will build up from there, one layer at a time, until you can see how the same idea runs all the way down to mTLS and identity-aware proxies. ...

February 19, 2026 · 8 min read · Tom Meurs
K8sGPT with local LLM on Apple Silicon

K8sGPT with a Local 70B Model on Apple Silicon

Every vendor pitch deck right now has the same slide. “Autonomous cluster management.” An AI watches your Kubernetes cluster, spots problems, diagnoses them, and fixes them while you sleep. Platform engineers get to stop firefighting and the cluster heals itself. I run a homelab specifically because I want to understand what’s actually happening, not trust a black box. So when I see a claim like that, my first instinct is to test it myself rather than believe the slide. ...

February 5, 2026 · 11 min read · Tom Meurs