Security thinking, shared openly.
I'm Santiago Friquet. I write about what I actually build and learn — cloud detection pipelines, incident response, AI/ML security, and how to turn raw data into working defenses.
What I Write About
Practical, technical content from someone who has built and broken these systems firsthand — across enterprise environments and fast-moving startups.
Cloud Detection & Response
How to turn raw cloud logs into actionable intelligence. ETL pipelines, detection logic, alert triage, and what actually matters when an incident happens in AWS or GCP.
Detection Engineering
Detection is not alerts — it's knowledge. Writing detection rules that work, managing false positives, building a detection program that improves over time instead of generating noise.
AI / ML Security
Securing LLMs, AI pipelines, and ML systems. MLSecOps in practice — from model integrity to prompt injection to supply chain risks most teams aren't thinking about yet.
Incident Response & Simulation
Building resilience before the incident happens. Simulating chaos, testing IR playbooks, and lessons from real-world response work across enterprise and startup environments.
Latest Articles
SOC Hub: An Open-Source AI-Powered Case Management Platform
A multi-tenant, AI-assisted SOC case management system built for modern security teams.
Detection & Response in Cloud Environments: Zero to ETL
Building the infrastructure that turns raw cloud logs into actionable intelligence — from ingest pipelines to AI-powered signals and GitOps-managed detection rules.
SIRAS: Simulating Chaos to Build Resilience
How to stress-test your incident response program before a real attack does it for you. Introducing SIRAS, an open-source simulation tool for exposing detection blind spots.