security

Drawing from my experience building a distributed cybersecurity firm, I share how I defined a meaningful company culture centered on the principle that "how you do anything is how you do everything." By embracing asynchronous communication and remote work, we avoided the trap of empty mission statements and instead focused on practical actions that support our team's autonomy and customer-centric goals.

I explore the challenges of securing remote access to Azure virtual machines for both internal staff and external consultants, highlighting the risks of traditional RDP exposure. By mapping out various authentication options, including Azure AD and MFA, I share my findings on establishing a robust and secure management strategy.

Following up on my popular 2019 guide to remote access, I explore how the newly released Azure Bastion Host resolves many of the previous architectural challenges with a more secure and cost-effective PaaS solution. In this post, I break down exactly what Azure Bastion Host is and provide a detailed cost analysis to help you estimate expenses for your own deployment.

After finding KeePass too isolated and 1Password cumbersome for family use, I discovered Bitwarden as a flexible, cross-platform alternative that supports self-hosting. I decided to bypass the subscription fees by deploying the open-source Bitwarden-rs fork using Docker on my always-on Synology NAS to create a secure, synchronized password manager.

Although this post focuses on deploying the open-source Tesla tracking tool Teslamate, I believe it offers valuable insights into Azure’s flexibility for securing services that might apply to your own projects. I walk through my experience hosting Teslamate on a Synology NAS to handle its Docker requirements, while leveraging Azure to establish a secure, authenticated access layer over the default unencrypted HTTP connection.