WTF Is Security Context
The industry uses 'context' as a synonym for 'more data.' It's not. Here's a first-principles framework for what context actually means - from events to chains to storylines - and why most SOCs are stuck at Layer 1.
Co-Founder & CTO, Simbian
I write first-principles explainers for security leaders navigating the shift to autonomous operations - no corporate speak, no fluff.
Why traditional SOCs are breaking down, and what autonomous security actually looks like.
First-principles thinking on how AI agents are reshaping security engineering from the ground up.
Lessons from building a security startup - technical decisions, leadership, and the messy middle.
The greatest vulnerability in the modern SOC is not a lack of data - it is a lack of memory. How tribal knowledge, context lakes, and a new role called the Context Analyst change everything.
We treat the SOC as a defensive funnel, but functionally it's a bottleneck. When attack volume goes exponential, a fixed capacity model forces you to ignore the vast majority of signals to save the sanity of the team.