Notes on how I build and how I break - architecture, research, and the craft of security.
After testing hundreds of tools, here is the complete security stack I use every day - with pros, cons, and alternatives.
A Dell R630, Proxmox, 16 services in production. My homelab is the laboratory where I test every idea before bringing it to clients.
Security in CI/CD pipelines should not slow down development. Here is how to integrate security without friction.
Zero Trust is everywhere in cybersecurity marketing. But actually implementing it is another story. Here is a practical approach.
Defense in depth is a known concept. Deception in depth - layering deception across every level of infrastructure - is the next step.
Deception technology is moving from niche to necessity. Here is why it is the future of low-cost detection.
CTI is not just for large enterprises. How to democratize threat intelligence for SMEs with limited resources.
Everyone talks about AI in security. But what actually works and what is just marketing? My perspective after using it in production.
Italy has a specific cybersecurity problem. SMEs are the backbone of the economy but the most exposed. Here are the data and solutions.
AI systems are not just tools - they are attack surfaces. How to test the security of an LLM.
91% of malware uses DNS. Yet most companies do not monitor their DNS traffic. Here is why you should.
Presidio, Valta, Mirage, Cipher, PhishSim, Tempest - every platform taught me something different about security engineering.
I have built 6 security platforms from scratch. But it is not always the right choice. Here is how to decide.
With hundreds of CTI feeds available, most are noise. Here are the ones I use in production and why.
Cybersecurity is no longer just an IT problem. Here is how to communicate cyber risk to the board of directors.
My journey from testing systems to building them - and why offensive experience makes every defensive architecture better.
You do not need six-figure budgets for enterprise security. Here is the open source stack I run in production.
Security response automation looks simple on paper. Reality is full of edge cases. Here is what I learned.
From analyzing 80 phishing templates I learned more about human psychology than about technology.
I have used all three in production. Here is a comparison based on real experience, not vendor spec sheets.
You do not need a 50k assessment to understand where you are vulnerable. Here is a quick method for an initial risk evaluation.
Five playbooks, thousands of executions. What actually works in incident response automation with Shuffle SOAR.
Most security awareness training is a waste of time. Here is how to build a program that actually changes behavior.
How I transformed Grafana from a monitoring tool into a complete SOC portal with 95% coverage.
MITRE ATT&CK is more than a poster on the SOC wall. Here is how I use it to improve detection and response on real incidents.
You do not need millions to implement Zero Trust. With M365 Business Premium and Conditional Access you can start tomorrow.
The average cost of a data breach in Italy is 3.7M euros. But for SMEs the numbers tell a different - and more personal - story.
The NIS2 directive changes the rules for cybersecurity in Europe. What it concretely means for Italian SMEs.
Supply chain is the attack vector of the decade. Here is what I discovered analyzing popular open source packages.
GDPR requires "appropriate technical measures" but does not say which ones. Here is what it really means from a technical standpoint.
Having an incident response plan is not enough. The problem is most plans do not work when they are actually needed.
Compliance does not have to be bureaucracy. How to implement ISO 27001 pragmatically without stifling innovation.
Cloud security is not just the provider's responsibility. Here is how to manage your security posture on AWS.
The difference between red, blue, and purple team is not just about colors. Here is when and why to choose each approach.
Signature-based antivirus is no longer enough. Here is why EDR and XDR are the new standard and how to make the transition.
When an HTTP library follows a redirect, what happens to authentication headers? The answer will surprise you.
Active Directory is attackers' number one target. Here are 15 quick interventions that drastically reduce the attack surface.
Pentest prices vary enormously. Here is how to understand what you are paying for and why the lowest price is never the best choice.
From Anthropic to AWS SageMaker, from Echo to aiohttp - my vulnerability research campaign on high-impact open source projects.
The NIS2 directive is in effect and many Italian companies are not ready. Here is a practical checklist to get started.
How I found and reported a vulnerability in Claude Code - and what the responsible disclosure process taught me.
APIs are the fastest growing attack surface. Here is my systematic approach to API security testing.
Two different services, often confused. Here is how to know which one you need - and when you need both.
60,000+ events captured, 92 attackers profiled. What I learned building Mirage, an AI-powered deception platform.
I run over 50 Docker containers in production. Here are the hardening rules I apply on every deployment.
XDR is everywhere, but most platforms are not built for SMEs. Here is how to evaluate your options without getting blinded by marketing.
With 19k+ threats tracked from 9 sources, noise is the real enemy. How Valta's AI scoring turns chaos into actionable intelligence.
The XDR market is evolving rapidly. Here is where it is heading and why platforms that do not automate response are destined to disappear.
Six integrated systems, five SOAR playbooks, a SOC portal at 95% coverage. What I learned building a complete XDR stack from scratch.
The difference between configuring and building is not just technical - it is a mindset. Here is why I chose to engineer from scratch.