Blogs

Technical guides and writeups on cybersecurity, networking, and infrastructure from my coursework, internships, and home lab.

Enterprise Cybersecurity Management: Frameworks, Risk, and Strategy
blogsJan 7, 2026

Enterprise Cybersecurity Management: Frameworks, Risk, and Strategy

Framework-level thinking from my Enterprise Cybersecurity Management coursework at BU -- how organizations weigh risk, cost, and compliance at scale.

enterprise-securityframeworksnistrisk-management
Nmap Mastery: The Reconnaissance Tool Every Security Person Must Know
blogsDec 7, 2025

Nmap Mastery: The Reconnaissance Tool Every Security Person Must Know

A deep look at Nmap, the reconnaissance tool behind nearly every network engineer's and penetration tester's toolkit.

nmapreconnaissancepenetration-testingnetwork
Database Security: Protecting the Crown Jewels
blogsNov 6, 2025

Database Security: Protecting the Crown Jewels

Why database security is the last line of defense once the application layer is compromised, and how to apply least privilege at the data layer.

database-securitysqlpostgresqldata-protection
DeFi Security: Why $3 Billion Was Stolen in 2022 and What It Teaches Us
blogsOct 6, 2025

DeFi Security: Why $3 Billion Was Stolen in 2022 and What It Teaches Us

Breaking down why over $3 billion was stolen from DeFi protocols in 2022, and the well-understood vulnerability classes behind most of it.

blockchaindefisecurityweb3
CTF Competitions: How Capture The Flag Made Me a Better Security Engineer
blogsSep 5, 2025

CTF Competitions: How Capture The Flag Made Me a Better Security Engineer

How Capture The Flag competitions on HackTheBox and TryHackMe sharpened my offensive and defensive security thinking beyond coursework alone.

ctfhacktheboxlearningpentesting
Cryptography Fundamentals Every Security Engineer Should Know
blogsAug 5, 2025

Cryptography Fundamentals Every Security Engineer Should Know

The cryptographic primitives behind TLS, password hashing, and digital signatures -- what they do, when to use them, and how to avoid misusing them.

cryptographyaesrsahashing
Wazuh: The Free SIEM and EDR Worth Taking Seriously
blogsJul 5, 2025

Wazuh: The Free SIEM and EDR Worth Taking Seriously

Why Wazuh is a serious free alternative to commercial SIEM and EDR platforms, based on running it alongside Splunk in my home lab.

wazuhopen-sourcesiemedr
Building RBAC Into a Java CRM: What I Learned at Sonata Software
blogsJun 4, 2025

Building RBAC Into a Java CRM: What I Learned at Sonata Software

What building Role-Based Access Control into a Java CRM at Sonata Software taught me about the mechanics and philosophy of authorization.

rbacaccess-controljavaenterprise-security
Mobile Forensics 101: What Your Phone Remembers That You've Forgotten
blogsMay 4, 2025

Mobile Forensics 101: What Your Phone Remembers That You've Forgotten

What smartphones retain that most people don't expect, and how mobile forensics differs from established desktop forensic practice.

mobile-forensicsdigital-forensicsandroidevidence
Incident Response in Practice: Building and Running Your First Playbook
blogsApr 4, 2025

Incident Response in Practice: Building and Running Your First Playbook

Building a practical incident response playbook around the NIST SP 800-61 lifecycle -- the process clarity that determines whether you contain a breach.

incident-responseblue-teamsocplaybooks
Building a Blockchain-Based Authentication System with Stellar
blogsMar 4, 2025

Building a Blockchain-Based Authentication System with Stellar

Exploring blockchain-based authentication on the Stellar network -- cryptographic identity as an alternative to centralized identity providers.

stellarblockchainauthenticationweb3
Network Traffic Analysis with Wireshark: A Practical Beginner's Walkthrough
blogsFeb 1, 2025

Network Traffic Analysis with Wireshark: A Practical Beginner's Walkthrough

A practical, beginner-friendly walkthrough of using Wireshark to analyze network traffic and debug protocols.

wiresharknetwork-analysispcapbeginners
Is the Google Cybersecurity Professional Certificate Worth It? My Honest Review
blogsJan 1, 2025

Is the Google Cybersecurity Professional Certificate Worth It? My Honest Review

An honest review of the Google Cybersecurity Professional Certificate, completed while preparing to apply to BU's MS program.

certificationscareergoogle-cybersecurity
AWS Security Fundamentals: IAM, VPC, and S3 Best Practices
blogsDec 1, 2024

AWS Security Fundamentals: IAM, VPC, and S3 Best Practices

A practical look at AWS IAM, VPC, and S3 fundamentals -- the cloud security controls that matter most, from my AWS Cloud Solutions Architect coursework.

awscloud-securityiams3
Building Secure APIs: Mistakes I've Made and How to Fix Them
blogsNov 1, 2024

Building Secure APIs: Mistakes I've Made and How to Fix Them

Lessons from building and testing APIs in Java, Python, and TypeScript -- where API security actually breaks down and how to fix it.

api-securityrestauthenticationbackend
SQL Injection: From Attack to Defense (What I Learned at My Internship)
blogsOct 1, 2024

SQL Injection: From Attack to Defense (What I Learned at My Internship)

How SQL injection actually works and every layer of defense I applied while implementing secure database interactions at Sonata Software.

sql-injectionweb-securityjavasecure-coding
My MITRE eCTF 2026 Experience: Securing Bare-Metal Firmware on Arm Cortex-M0+
blogsSep 1, 2024

My MITRE eCTF 2026 Experience: Securing Bare-Metal Firmware on Arm Cortex-M0+

Designing and attacking secure firmware on the MSPM0L2228 (Arm Cortex-M0+) as part of MITRE's embedded Capture the Flag 2026 competition.

ectfembedded-securityfirmwarearm
Smart Contract Security: The Vulnerabilities That Have Cost Billions of Dollars
blogsAug 2, 2024

Smart Contract Security: The Vulnerabilities That Have Cost Billions of Dollars

The smart contract vulnerability classes -- from reentrancy to oracle manipulation -- that have collectively cost the blockchain industry billions.

blockchainsmart-contractsweb3-securitysolidity
MQTT Broker Hardening on Raspberry Pi: Lessons from My DoS Attack Lab
blogsJul 2, 2024

MQTT Broker Hardening on Raspberry Pi: Lessons from My DoS Attack Lab

Hardening an MQTT broker on a Raspberry Pi after running my own DoS attack lab -- where IoT messaging protocols fail by default.

iotmqttraspberry-pihardening
Digital Twin for Network Security: Building a Virtual Lab to Simulate and Detect Attacks
blogsJun 1, 2024

Digital Twin for Network Security: Building a Virtual Lab to Simulate and Detect Attacks

Building a virtual replica of an enterprise network in VirtualBox to simulate attacks and validate a Splunk + Zeek monitoring stack.

network-securitydigital-twinwiresharklab
Setting Up a Home SIEM with Splunk: My Hands-On Guide
blogsMay 1, 2024

Setting Up a Home SIEM with Splunk: My Hands-On Guide

A hands-on guide to setting up a home Splunk SIEM, from my Google Cybersecurity Certificate prep through my coursework at BU.

siemsplunkblue-teamincident-response
OWASP Top 10 Explained: What Every Developer Needs to Know
blogsApr 1, 2024

OWASP Top 10 Explained: What Every Developer Needs to Know

The OWASP Top 10 explained in plain language for developers -- what each vulnerability looks like in real code and how to prevent it.

owaspweb-securityappsecdevelopers
How I Built Bounty Hawk: My Automated Recon and Vulnerability Discovery Tool
blogsMar 3, 2024

How I Built Bounty Hawk: My Automated Recon and Vulnerability Discovery Tool

Why I built Bounty Hawk, a Python automation framework that handles recon and OWASP Top 10 checks so I can focus on the parts of pentesting that need judgment.

penetration-testingpythonowasptools
Getting Started in Cybersecurity: My Student Roadmap
blogsFeb 1, 2024

Getting Started in Cybersecurity: My Student Roadmap

My path from a Bachelor's in Computer Applications to an MS in Cybersecurity at BU -- and the roadmap I'd give any student starting out.

cybersecuritycareerstudent