I'm Santiago Friquet. I write about what I actually build and learn — cloud detection pipelines, incident response, AI/ML security, and how to turn raw data into working defenses.
Practical, technical content from someone who has built and broken these systems firsthand — across enterprise environments and fast-moving startups.
How to turn raw cloud logs into actionable intelligence. ETL pipelines, detection logic, alert triage, and what actually matters when an incident happens in AWS or GCP.
Detection is not alerts — it's knowledge. Writing detection rules that work, managing false positives, building a detection program that improves over time instead of generating noise.
Securing LLMs, AI pipelines, and ML systems. MLSecOps in practice — from model integrity to prompt injection to supply chain risks most teams aren't thinking about yet.
Building resilience before the incident happens. Simulating chaos, testing IR playbooks, and lessons from real-world response work across enterprise and startup environments.
Four pillars for modern detection pipelines — from raw log ingestion to AI-powered signals and GitOps for alert management.
How to stress-test your IR program before a real attack does it for you. Open-source simulation built to expose detection blind spots.
Adapting DevSecOps to non-deterministic, agentic models — the new attack surface most security teams aren't ready for.
Most teams confuse generating alerts with building detection. Here's the difference — and why it matters more in an AI-powered security stack.
A structured, repeatable five-phase methodology for building security programs — developed from experience across enterprise and startup environments.
Security tools I build and maintain — free to use, built from what I actually need while doing the work.
CVE tracking with real-time exploitability signals from NVD, CISA KEV, and EPSS. Search and monitor vulnerabilities in a way that actually makes sense. API available.
Open-source Python framework for simulating realistic attack scenarios. Test detection coverage, expose IR blind spots, and validate your monitoring before a real incident does it for you.
I've managed security programs at an enterprise firm in Argentina and worked across multiple startups at different growth stages. SOCHUB is where I share what I learn along the way — without the filter of a vendor pitch or a consulting agenda.
My technical focus is cloud detection and response, incident simulation, and AI/ML security. I build tools, write articles, and share everything publicly.
Whether you have a question about something I wrote, want to discuss a security challenge, or are looking for advisory help — my inbox is open.
New articles on cloud detection, incident response, and AI security — delivered when there's something worth reading. No filler.