Vision
Where AI takes cybersecurity and application delivery next.
What AI-Driven Cybersecurity Actually Looks Like
Moving from alert fatigue to autonomous defense across the F5, Palo Alto, and Cloudflare stack.
Read the article →Vision · Application DeliveryThe Self-Optimizing Load Balancer
Application delivery is becoming predictive, intent-driven, and self-tuning.
Read the article →Field notes
Advanced patterns in application delivery and security I keep coming back to.
Hardening the Kubernetes Edge
Security belongs at the cluster boundary, not bolted on later.
Read the article →F5 Distributed CloudOne App, Many Clouds
A single delivery and security fabric across on-prem and public cloud.
Read the article →Cloudflare · Zero TrustIdentity at the Edge, Origins in the Dark
Reachable without a single inbound port open.
Read the article →Akamai · DDoSAbsorbing the Big Ones
Volumetric and application attacks need different tools.
Read the article →Multi-CDN · Dual DNSSteering Traffic for Resilience
Single-provider dependence is a hidden single point of failure.
Read the article →Advanced CLI Field Guide
Outside-the-box troubleshooting for the F5 portfolio. The GUI configures; the CLI tells the truth.
F5 BIG-IP
tmsh, tmctl, and the tcpdump peer-flow trick
# See client-side AND server-side of one connection in a single capture (the :nnnp peer-flow suffix) tcpdump -ni 0.0:nnnp host 203.0.113.10 # Live connection table filtered to one client tmsh show sys connection cs-client-addr 203.0.113.10 # Raw TMM internal stat tables the GUI never surfaces tmctl -w 200 tmm/flow_stats # Fan one command out across every chassis blade at once clsh 'tmsh show sys performance'
F5 NGINX / Ingress
Plus API, nginx -T, and in-pod inspection
# Dump the FULL running config including every include nginx -T | less # Live upstream health and latency from the NGINX Plus API curl -s http://127.0.0.1:8080/api/9/http/upstreams | jq # Community ingress-nginx or F5 NGINX Ingress Controller? kubectl get pods -n ingress-nginx -o jsonpath='{.items[*].metadata.labels.app\.kubernetes\.io/name}' # Render the config from inside the ingress pod kubectl exec deploy/nginx-ingress -n nginx-ingress -- nginx -T
F5 Distributed Cloud
vesctl, kubectl on the Customer Edge, raw API
# Pull a load balancer object as YAML straight from the CLI vesctl configuration get http_loadbalancer -n <namespace> <lb-name> # Enumerate objects in a namespace vesctl configuration list http_loadbalancer -n <namespace> # A Customer Edge is a hardened Linux and K8s node, so kubectl works on it kubectl get pods -A # Customer Edge platform status and tunnels to the Regional Edges vpm status
Technologies I work with
About
I am a Senior Solutions Architect at SHI Advanced Solutions Group, focused on network and cybersecurity, with 16+ years helping organizations design and implement secure, scalable, and practical solutions. Over the years I have worked across many industries through roles at Fishnet Security, HP, INE, Sirius/CDW, and now SHI.
I hold expert certifications including F5-CSE (Security and Cloud) and CCIE Enterprise Infrastructure, along with 36+ certifications from vendors such as Wiz, Cloudflare, Palo Alto, NGINX, Check Point, AWS, Meraki, and ISC2, and I am one of a small group of engineers worldwide who hold every F5 certification. I am passionate about mentorship, continuous learning, and making complex technology clear.
This is a personal site and blog. Opinions here are my own and not those of my employer.