After twenty years in cyber and IT, I wanted a space that wasn’t shaped by scope documents, approvals, or someone else’s template. Somewhere ideas didn’t have to wait for a meeting or a business case to exist.
This site is that space, my workshop. The place where I think out loud, build things properly, and write without a stakeholder looking over my shoulder. It’s where the frameworks that usually live in a notebook get finished, where a playbook gets written the way I’d actually want to read one, not the way a template forces it, and where an idea gets the room it needs instead of getting cut down to fit a sprint.
Most of my career has been spent defending systems and people across frontline support, systems, mobility, infrastructure, blue team operations, and security. Doing the technical work, planning the work, and translating the technical parts into something non‑technical people can understand. That includes incident response and threat detection aligned to NIST frameworks, ACSC Essential Eight implementation, SIEM and XDR deployment, SOC operations and escalation, vulnerability scanning and remediation, phishing simulations and awareness training, and the ongoing work of documentation and risk reduction across cloud and on‑prem environments. I’ve worked the technical layer and the human layer. Tuning detection rules, designing training that actually changes behaviour, and building processes that survive the real world.
This workshop is where I break down the decisions that actually shape security in practice and work through the parts of the craft that don’t fit inside a corporate environment. It’s where I build the documents and tools I wish existed, write long‑form pieces for other practitioners, and sharpen my own thinking by putting it on a page. You’ll find practical guides, NIST CSF 2.0 content, incident response material, vulnerability management, patch roundups, and the occasional framework or template I built because the existing one annoyed me enough to fix it. Some of it is polished, some of it is unfinished thinking, but all of it is built with the same intent: to make cyber security clearer, simpler, and more usable for the people doing the work.
If you want the human side of things. The travel, the nostalgia, the stories that happen outside the SOC, you’ll find that on my other blog, Tayven’s World: https://tayven.com/