Security thinking,
shared openly.
I'm Santiago Friquet. I write about what I actually build and learn — cloud detection pipelines, incident response, AI/ML security, and how to turn raw data into working defenses.
What I Write About
Practical, technical content from someone who has built and broken these systems firsthand — across enterprise environments and fast-moving startups.
Cloud Detection & Response
How to turn raw cloud logs into actionable intelligence. ETL pipelines, detection logic, alert triage, and what actually matters when an incident happens in AWS or GCP.
Detection Engineering
Detection is not alerts — it's knowledge. Writing detection rules that work, managing false positives, building a detection program that improves over time instead of generating noise.
AI / ML Security
Securing LLMs, AI pipelines, and ML systems. MLSecOps in practice — from model integrity to prompt injection to supply chain risks most teams aren't thinking about yet.
Incident Response & Simulation
Building resilience before the incident happens. Simulating chaos, testing IR playbooks, and lessons from real-world response work across enterprise and startup environments.
Latest Articles
Vibecoding an Open-Source SOC Platform: What Held Up and What Didn't
SOC Hub is now open source. The latest round was built mostly by describing features in plain English to an AI agent — here's what that actually looked like, including the parts where the vibe broke and judgment had to take over.
SOC Hub: An Open-Source AI-Powered Case Management Platform
A multi-tenant, AI-assisted SOC case management system built for security teams that have outgrown Jira but can't justify the enterprise SIEM-adjacent platforms.
Detection & Response in Cloud Environments: Zero to ETL
Building the infrastructure that turns raw cloud logs into actionable intelligence — from ingest pipelines to AI-powered signals and GitOps-managed detection rules.