// AppSec → Blue Team

Documenting the journey from AppSec to Security Operations

I have spent years in application security — finding bugs, writing threat models, arguing about CVSS scores. I decided to find out what happens after the attack gets through. This is where I write about it.


Lab progress

Security Onion done
Wazuh + ELK in progress
Sysmon planned
Atomic Red Team planned
TheHive + Cortex planned
MISP planned
Velociraptor planned

Latest posts

Part 01 · May 13, 2026 · 8 min read

Breaking Out of the AppSec Bubble

There is a comfortable lie that application security professionals tell themselves. We harden the code, we run the threat models, we catch the SQLi in code review — and somewhere in the back of our minds we assume that is where our responsibility ends.

Part 02 · Coming soon · ~10 min read

Endpoint Visibility: Wazuh and the Windows Log Problem

Out of the box, Windows event logging gives a threat hunter little to work with: process creation with full command lines, network connections, and image loads are not recorded unless you switch them on, and some of them cannot be switched on at all. Here is what Sysmon changes, and how to get all of it flowing into a SIEM.

Part 03 · Coming soon · ~12 min read

Simulating Attacks and Hunting for Them

Running Atomic Red Team techniques mapped to MITRE ATT&CK, then hunting for evidence across Suricata, Zeek, and Sysmon logs. The core SOC learning loop in practice.
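As an added illustration of that loop (example code written for this page, not from any of the posts or tools named above): a small Python hunt over constructed Sysmon Event ID 1 records, shaped like the JSON a Wazuh agent forwards from the Sysmon channel. It flags two behaviours Atomic Red Team ships tests for, an encoded PowerShell command (T1059.001) and procdump pointed at LSASS (T1003.001), and decodes the PowerShell payload so the analyst can see what actually ran. The records, host and user names, paths, field layout and the rule-to-technique mapping are all assumptions of the example.

```python
import base64
import json
import re

# Constructed sample: Sysmon Event ID 1 (process creation) records, shaped like the
# JSON a Wazuh agent forwards from the Microsoft-Windows-Sysmon/Operational channel.
# Hosts, users, paths and field names are assumptions for this example, not a capture.
ENCODED_WHOAMI = base64.b64encode("whoami".encode("utf-16-le")).decode()


def _event(image, cmdline, parent, user="LAB\\alice", host="WS01", event_id="1"):
    return json.dumps({"data": {"win": {
        "system": {"eventID": event_id, "computer": host},
        "eventdata": {"image": image, "commandLine": cmdline,
                      "parentImage": parent, "user": user}}}})


SAMPLE_EVENTS = [
    # benign: a user opening a text file
    _event(r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt",
           r"C:\Windows\explorer.exe"),
    # T1059.001: PowerShell hiding its script behind -EncodedCommand
    _event(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           f"powershell.exe -nop -w hidden -enc {ENCODED_WHOAMI}",
           r"C:\Windows\System32\cmd.exe"),
    # T1003.001: procdump writing an LSASS memory dump
    _event(r"C:\Tools\procdump.exe", "procdump.exe -accepteula -ma lsass.exe lsass.dmp",
           r"C:\Windows\System32\cmd.exe", user="LAB\\admin"),
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...);
# this pattern covers the common spellings only, so widen it before relying on it.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def decode_powershell_payload(cmdline):
    """Return the script behind -EncodedCommand, or None if there is none.
    The payload is base64 over UTF-16LE, which is what PowerShell expects."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _rule_encoded_powershell(ev):
    if not ev["image"].lower().endswith("powershell.exe"):
        return None
    decoded = decode_powershell_payload(ev["cmdline"])
    return None if decoded is None else {"decoded": decoded}


def _rule_lsass_dump(ev):
    if ev["image"].lower().endswith("procdump.exe") and "lsass" in ev["cmdline"].lower():
        return {"decoded": None}
    return None


# The technique mapping is this example's own; Atomic Red Team has tests for both.
RULES = [
    ("T1059.001", "PowerShell with an encoded command", _rule_encoded_powershell),
    ("T1003.001", "procdump targeting LSASS", _rule_lsass_dump),
]


def parse_sysmon_event(raw):
    """Flatten one forwarded record; only process-creation (ID 1) events are hunted."""
    win = json.loads(raw)["data"]["win"]
    if win["system"].get("eventID") != "1":
        return None
    ed = win["eventdata"]
    return {"host": win["system"].get("computer", "?"), "user": ed.get("user", "?"),
            "image": ed.get("image", ""), "cmdline": ed.get("commandLine", ""),
            "parent": ed.get("parentImage", "")}


def hunt(raw_events):
    """Run every rule over every event; one finding per (event, rule) hit."""
    findings = []
    for raw in raw_events:
        ev = parse_sysmon_event(raw)
        if ev is None:
            continue
        for technique, name, rule in RULES:
            hit = rule(ev)
            if hit is not None:
                findings.append({"technique": technique, "rule": name, **ev, **hit})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['technique']}] {f['host']} {f['user']}: {f['cmdline']}")
        if f["decoded"]:
            print(f"    decoded: {f['decoded']}")
```

The benign notepad launch produces no finding; the other two do, and the PowerShell one carries the decoded `whoami`. That is the point of the loop: each Atomic test you run should leave a record like these in the SIEM, and when it does not, the gap is in logging or forwarding, not in the rule.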