Research Articles

Original writing on the IT work I've actually done. New pieces ship as they're written, anchored to real production environments and real outcomes. No filler, no curated reading list dressed up as authorship.

Active
Networking · Homelab

Privacy is a Property, Not a Feature: an architecture of verifiable defaults at home

A small home network built around a single firewall, designed so no traffic ever leaves the house outside an encrypted VPN tunnel. Router-on-a-stick on pfSense 2.8.1, dual Mullvad WireGuard with automatic failover, Suricata IDS, six-VLAN segmentation, and the kill-switch layers that prove privacy at the network layer is achievable at home without enterprise gear.

Status: active draft · Published 2026-05-23 · ~18 min read
Sections
  • 01 The problem most home networks ignore
  • 02 Architecture: topology, hardware, software
  • 03 Privacy architecture: threat model and defense
  • 04 Network segmentation: six VLANs, one job each
  • 05 What I learned: skills, mistakes, surprises
  • 06 Limitations: what does not work yet
  • 07 Tooling and documentation discipline
  • 08 Conclusion: privacy as an emergent property

Roadmap

Planned originals · subject to job-search bandwidth
Networking · Homelab Planned

WireGuard Failover Patterns: dual-tunnel design

Building gateway failover groups across two Mullvad endpoints with policy-based routing, NAT-pinning, and graceful degradation under tunnel drop. Reproducible on any small pfSense build.

ETA Q3 2026
Cloud Planned

Retiring a File Server: a small-org SharePoint migration

Playbook for moving a small regulated org off legacy SMB drives onto SharePoint Online with OneDrive sync and department-level permission boundaries.

ETA Q3 2026
Identity Outlined

MFA + Conditional Access from Zero (small regulated org)

How to deliver a first-ever identity baseline in an SMB with no prior MFA. Break-glass design, trusted-location enforcement, and a three-month adoption rhythm.

ETA Q4 2026
Identity Outlined

Identity Lifecycle 30/60/90: an offboarding playbook

Same-day disable, mailbox retain, 90-day delete. Why this cadence matters in regulated SMB IT, how to enforce it, and what the audit trail looks like at year-end review.

ETA Q4 2026
Cert Study Planned

CCNA Prep Notes: VLAN to inter-VLAN routing

Hands-on Cisco IOS labs leading up to the August 2026 exam. Configurations that worked on Catalyst 3560 and Cisco 1900, in the order an exam-taker actually needs to know them.

ETA Aug 2026
Operations Idea

First-Ever IT Hire: a 90-day stabilization playbook

What to triage in the first 90 days walking into a small org with no documentation, no MFA, and no cyber insurance. Order of operations from triage to hardening.

ETA 2027

What I'm Reading

Independent voices outside my own desk

Reading list rotates as new posts ship. RSS automation comes later, after the first original is out.