Technical writing on real-world breaches, detection theory, and the architecture of network breach detection infrastructure. Written for detection engineers, SOC analysts, and security architects who would rather read the system than read the pitch.
Detection As Information Gain
Cybersecurity is inference over hidden adversarial state. Every alert is evidence. Most alerts are weak evidence. The job is to ask the questions that collapse uncertainty fastest.
ReadThe JLR Attacks: Breached Twice in Six Months, £1.9 Billion Lost
Jaguar Land Rover was breached twice in 2025. Different attackers, same credential hygiene failure. The second attack cost £1.9 billion.
Read