SIEM Architecture — Reference
Reference architecture for a working SIEM: ingestion, normalization, detection layer, response loop — with the cost and quality trade-offs at each junction.
VORNAC RESEARCH
Blue-team operations, the security-product landscape, and compliance posture.
Reference
TLS attack surface organized by ceremony stage: handshake, certificate path, cipher choice, record layer — with the deprecation and mitigation timeline.
DDoS attack-class taxonomy with the corresponding mitigation layers — anycast, scrubbing, app-layer rate logic.
Linux operator hardening, TCP/IP operational notes for detection engineers, AD defense from the defender's perspective, and data-center host hardening where physical access intersects vendor patches.
Background
What changes at the perimeter, the realities of office network hardening (BYOD, printers, guest segmentation), and database security beyond SQL injection — replication, backup, encryption-at-rest.
Cross-walk between common control frameworks, the reference architecture for an in-house risk-control platform, and the field-level orientation map of the discipline.
From reference to evidence