Writing
Field notes from public-sector security work.
Articles, technical writeups, and observations from inside the practice. New writing arrives here as it's published.
Coming soon
First articles in development.
Writing here will focus on the practical end of public-sector security: what State Auditor cybersecurity performance audits actually look for, how small IT teams build incident response capability without a SOC, and field reports from frameworks like NIST CSF 2.0, CIS Controls v8, and CJIS in real-world municipal environments.
If there's a topic you'd like covered first, the contact page is always open.
Looking for something specific?
The services page describes the engagement types I take on, and the about page covers the practitioner background.