Security built into the pipeline, not bolted on after the breach.
Security is not a feature you add at the end — it is a property of how you design, build and ship software. The teams that stay out of incident channels bake it into the workflow: threat modeling before code, pipelines that fail closed, and auth that is boring because it is correct. I treat security as an engineering discipline with measurable controls, including in regulated systems at Deutsche Telekom.
Articles in this hub
4 articles
Build a Tiny Linux Container without Docker in 2026
A hands-on 2026 walkthrough for building a tiny isolated Linux container with overlayFS, cgroups, namespaces, pivot_root, and kernel primitives instead of Docker.
microVMs Explained: Firecracker vs gVisor for Secure Workloads in 2026
A practical 2026 comparison of Firecracker microVMs and gVisor for secure workload isolation: how each sandbox works, the security and performance trade-offs, and when to choose KVM-based VMs over a userspace kernel.
Stop Storing JWTs in LocalStorage: Cookie Auth for SPAs in 2026
A practical 2026 guide to moving JWT authentication out of LocalStorage and into HTTP-only cookies with CSRF protection for SPA, SSR, upload, WebSocket, gateway, and mobile scenarios.
Secure GitLab CI/CD in 2026: A Practical Hardening Playbook
A practical 2026 GitLab hardening playbook for protecting source code, secrets, runners, containers, artifacts, and CI/CD infrastructure from real-world attack paths.
FAQ
What is your security background?
Are you available to hire?
How do we start working together?
Want security that ships with you?
From auth design to hardened CI/CD and supply-chain defense, I help teams build security into the workflow instead of patching it after an incident.