After 12 years reviewing code in Big Tech security teams, I can tell you the same vulnerabilities show up in every codebase: unsanitized inputs, broken auth, and secrets in source code. These aren’t exotic attacks — they’re patterns that any developer can learn to prevent. Here are the secure coding… Read more →
Security, DevOps & Trading Tech — Practical Guides
-
Secure C# ConcurrentDictionary for Production
I’ve debugged more ConcurrentDictionary race conditions than I care to admit. Thread-safe doesn’t mean bug-free — it means the failure modes are subtler and harder to reproduce. After shipping high-throughput C# services in production environments, here’s what I’ve learned about making ConcurrentDictionary actually production-ready. See also our guide on ConcurrentDictionary… Read more →
-
Self-Hosted GitOps Pipeline: Gitea + ArgoCD Guide
I self-host Gitea on my TrueNAS homelab and use it to deploy everything from trading bots to media servers. The error message that started this guide was maddening: “Permission denied while cloning repository.” It was my repository. On my server. In my basement. Yet somehow, my GitOps pipeline decided to… Read more →
-
Why AI Makes Architecture the Only Skill That Matters
Last month, I built a complete microservice in a single afternoon. Not a prototype. Not a proof-of-concept. A production-grade service with authentication, rate limiting, PostgreSQL integration, full test coverage, OpenAPI docs, and a CI/CD pipeline. Containerized, deployed, monitoring configured. The kind of thing that would have taken my team two… Read more →
-
Vibe Coding Is a Security Nightmare: How to Fix It
Three weeks ago I reviewed a pull request from a junior developer on our team. The code was clean—suspiciously clean. Good variable names, proper error handling, even JSDoc comments. I approved it, deployed it, and moved on. Then our SAST scanner flagged it. Hardcoded API keys in a utility function. An… Read more →
-
Claude Code Review: My Honest Take After 3 Months
Three months ago, I was skeptical. Another AI coding tool? I’d already tried GitHub Copilot, Cursor, and a handful of VS Code extensions that promised to “10x my productivity.” Most of them were glorified autocomplete — helpful for boilerplate, useless for anything that required actual understanding of a codebase. Then… Read more →
-
Boost C# ConcurrentDictionary Performance in Kubernetes
Explore a production-grade, security-first approach to using C# Concurrent Dictionary in Kubernetes environments. Learn best practices for scalability and DevSecOps integration. Introduction to C# Concurrent Dictionary 📌 TL;DR: Explore a production-grade, security-first approach to using C# Concurrent Dictionary in Kubernetes environments. Learn best practices for scalability and DevSecOps integration. 🎯 Quick Answer: ConcurrentDictionary… Read more →
-
Home Network Segmentation with OPNsense: A Complete Guide
My homelab has 30+ Docker containers, 4 VLANs, and over a dozen IoT devices—all managed through OPNsense on a Protectli vault. Before I set up segmentation, my smart plugs could ping my NAS and my guest Wi-Fi clients could see every service on my network. This guide walks you through… Read more →
-
Risk Management & Position Sizing for Traders
I blew up a paper trading account in my first month of algorithmic trading. Not because my signals were wrong—my position sizing was. I’ve since built automated risk management into every layer of my Python trading system, from Kelly Criterion calculations to real-time drawdown monitoring. Here’s the framework that keeps… Read more →
-
Threat Modeling Made Simple for Developers
I run a threat model for every new service I deploy—whether it’s a Kubernetes workload on my homelab or an API headed to production. It doesn’t have to be a week-long exercise. Here’s the simplified process I use that takes an afternoon and catches the issues that actually matter. In today’s… Read more →