Snort rules in 2026: still useful, still awkward
Learn where Snort still earns its rack space in 2026, where it's gone blind, and the keep/replace/de-scope call.
May 26, 2026
Head of Security Operations
Daniel C. is a security operations leader with over a decade of experience building and scaling SOC capabilities for cloud-native companies. He has led security teams through multiple stages of growth — from early-stage environments with minimal tooling to mature organizations operating 24/7 security operations with distributed teams. His experience includes designing SOC architectures, evaluating and managing MDR providers, and building internal detection and response capabilities. Daniel has been responsible for vendor selection across SIEM, EDR, and XDR platforms, as well as defining SLAs, response models, and escalation frameworks. He has also worked closely with executive leadership on budgeting, board reporting, and aligning security operations with broader business risk. He writes about the practical decisions security leaders face — including build vs buy tradeoffs, how to evaluate security vendors, and what it actually takes to run an effective security operations function at scale.
ITDR isn't a new product category. It's the detection layer your EDR, SIEM, and NDR each see pieces of, and the gap is narrower than vendors imply.
May 25, 2026
Most CNAPPs and CSPMs are sold as cloud-native security but deliver cloud hygiene. Here's the structural gap and how to spot it in a vendor demo.
May 14, 2026
Practitioner takes on SOC modernization, detection engineering, threat hunting, and more. No fluff. No product pitches.