Protoxol — Field notes from the operations floor

Protoxol — Field notes from the operations floor https://protoxol.com/blog.html Practical writing on detection, response and modern security operations. en Thu, 11 Jun 2026 11:20:56 GMT Protoxol build-seo.js Hardening macOS fleets for enterprise https://protoxol.com/blog/hardening-macos-fleets-for-enterprise.html https://protoxol.com/blog/hardening-macos-fleets-for-enterprise.html Mon, 09 Feb 2026 00:00:00 GMT Practical Guides Phishing-resistant authentication: passkeys, FIDO2, and reality https://protoxol.com/blog/phishing-resistant-authentication-passkeys-fido2-and-reality.html https://protoxol.com/blog/phishing-resistant-authentication-passkeys-fido2-and-reality.html Mon, 09 Feb 2026 00:00:00 GMT Concepts Base AWS security quick wins: 15 controls to implement first https://protoxol.com/blog/aws-security-quick-wins-15-controls-to-implement-first.html https://protoxol.com/blog/aws-security-quick-wins-15-controls-to-implement-first.html Sun, 08 Feb 2026 00:00:00 GMT Cloud & Infra Email gateway tuning: reducing false positives without risk https://protoxol.com/blog/email-gateway-tuning-reducing-false-positives-without-risk.html https://protoxol.com/blog/email-gateway-tuning-reducing-false-positives-without-risk.html Sun, 08 Feb 2026 00:00:00 GMT Threat Trends How attackers bypass MFA (and how to stop them) https://protoxol.com/blog/how-attackers-bypass-mfa-and-how-to-stop-them.html https://protoxol.com/blog/how-attackers-bypass-mfa-and-how-to-stop-them.html Sun, 08 Feb 2026 00:00:00 GMT Threat Trends Security review of third parties: vendor risk in practice https://protoxol.com/blog/security-review-of-third-parties-vendor-risk-in-practice.html https://protoxol.com/blog/security-review-of-third-parties-vendor-risk-in-practice.html Fri, 06 Feb 2026 00:00:00 GMT Compliance OAuth and OIDC pitfalls in SaaS integrations https://protoxol.com/blog/oauth-and-oidc-pitfalls-in-saas-integrations.html https://protoxol.com/blog/oauth-and-oidc-pitfalls-in-saas-integrations.html Thu, 05 Feb 2026 00:00:00 GMT Cloud & Infra Azure security quick wins: identity, logging, and segmentation https://protoxol.com/blog/azure-security-quick-wins-identity-logging-and-segmentation.html https://protoxol.com/blog/azure-security-quick-wins-identity-logging-and-segmentation.html Thu, 05 Feb 2026 00:00:00 GMT Cloud & Infra Cyber insurance readiness: controls that affect underwriting https://protoxol.com/blog/cyber-insurance-readiness-controls-that-affect-underwriting.html https://protoxol.com/blog/cyber-insurance-readiness-controls-that-affect-underwriting.html Wed, 04 Feb 2026 00:00:00 GMT Compliance Threat hunting 101: hypotheses, data, and success metrics https://protoxol.com/blog/threat-hunting-101-hypotheses-data-and-success-metrics.html https://protoxol.com/blog/threat-hunting-101-hypotheses-data-and-success-metrics.html Wed, 04 Feb 2026 00:00:00 GMT Practical Guides IoT security for SMBs: what matters and what doesn’t https://protoxol.com/blog/iot-security-for-smbs-what-matters-and-what-doesn-t.html https://protoxol.com/blog/iot-security-for-smbs-what-matters-and-what-doesn-t.html Tue, 03 Feb 2026 00:00:00 GMT Devices OSCP study plan for busy professionals https://protoxol.com/blog/oscp-study-plan-for-busy-professionals.html https://protoxol.com/blog/oscp-study-plan-for-busy-professionals.html Mon, 02 Feb 2026 00:00:00 GMT Certifications Attack surface management: external exposure in reality https://protoxol.com/blog/attack-surface-management-external-exposure-in-reality.html https://protoxol.com/blog/attack-surface-management-external-exposure-in-reality.html Sun, 01 Feb 2026 00:00:00 GMT Practical Guides HSMs explained: when you need them https://protoxol.com/blog/hsms-explained-when-you-need-them.html https://protoxol.com/blog/hsms-explained-when-you-need-them.html Sat, 31 Jan 2026 00:00:00 GMT Devices How to choose a SIEM in 2026: cost, data, and outcomes https://protoxol.com/blog/how-to-choose-a-siem-in-2026-cost-data-and-outcomes.html https://protoxol.com/blog/how-to-choose-a-siem-in-2026-cost-data-and-outcomes.html Sat, 31 Jan 2026 00:00:00 GMT Recovery Red teaming vs purple teaming: choosing the right exercise https://protoxol.com/blog/red-teaming-vs-purple-teaming-choosing-the-right-exercise.html https://protoxol.com/blog/red-teaming-vs-purple-teaming-choosing-the-right-exercise.html Sat, 31 Jan 2026 00:00:00 GMT Ethical Hacking Ransomware readiness: a short plan that works https://protoxol.com/blog/ransomware-readiness-a-short-plan-that-works.html https://protoxol.com/blog/ransomware-readiness-a-short-plan-that-works.html Tue, 27 Jan 2026 00:00:00 GMT Threat Trends Microsoft 365 security baseline for SMBs https://protoxol.com/blog/microsoft-365-security-baseline-for-smbs.html https://protoxol.com/blog/microsoft-365-security-baseline-for-smbs.html Thu, 22 Jan 2026 00:00:00 GMT Practical Guides ISO 27001 implementation roadmap for fast-moving teams https://protoxol.com/blog/iso-27001-implementation-roadmap-for-fast-moving-teams.html https://protoxol.com/blog/iso-27001-implementation-roadmap-for-fast-moving-teams.html Mon, 19 Jan 2026 00:00:00 GMT Compliance MITRE ATT&CK mapping without the theater https://protoxol.com/blog/mitre-att-ck-mapping-without-the-theater.html https://protoxol.com/blog/mitre-att-ck-mapping-without-the-theater.html Mon, 19 Jan 2026 00:00:00 GMT Practical Guides NIST CSF: a practical implementation guide https://protoxol.com/blog/nist-csf-a-practical-implementation-guide.html https://protoxol.com/blog/nist-csf-a-practical-implementation-guide.html Wed, 14 Jan 2026 00:00:00 GMT Compliance Secure remote work: beyond VPN https://protoxol.com/blog/secure-remote-work-beyond-vpn.html https://protoxol.com/blog/secure-remote-work-beyond-vpn.html Sat, 10 Jan 2026 00:00:00 GMT Practical Guides Credential stuffing: detection signals and mitigation steps https://protoxol.com/blog/credential-stuffing-detection-signals-and-mitigation-steps.html https://protoxol.com/blog/credential-stuffing-detection-signals-and-mitigation-steps.html Sat, 10 Jan 2026 00:00:00 GMT Threat Trends Threat modeling for product teams: fast and effective https://protoxol.com/blog/threat-modeling-for-product-teams-fast-and-effective.html https://protoxol.com/blog/threat-modeling-for-product-teams-fast-and-effective.html Fri, 09 Jan 2026 00:00:00 GMT Education Threat intel to detection: turning reports into rules https://protoxol.com/blog/threat-intel-to-detection-turning-reports-into-rules.html https://protoxol.com/blog/threat-intel-to-detection-turning-reports-into-rules.html Wed, 07 Jan 2026 00:00:00 GMT Recovery Backup strategy that survives ransomware https://protoxol.com/blog/backup-strategy-that-survives-ransomware.html https://protoxol.com/blog/backup-strategy-that-survives-ransomware.html Wed, 07 Jan 2026 00:00:00 GMT Recovery SBOMs that help: operationalizing component risk https://protoxol.com/blog/sboms-that-help-operationalizing-component-risk.html https://protoxol.com/blog/sboms-that-help-operationalizing-component-risk.html Mon, 05 Jan 2026 00:00:00 GMT Threat Trends How to run a post-incident review that improves security https://protoxol.com/blog/how-to-run-a-post-incident-review-that-improves-security.html https://protoxol.com/blog/how-to-run-a-post-incident-review-that-improves-security.html Sun, 04 Jan 2026 00:00:00 GMT Recovery API security checklist for SaaS teams https://protoxol.com/blog/api-security-checklist-for-saas-teams.html https://protoxol.com/blog/api-security-checklist-for-saas-teams.html Fri, 02 Jan 2026 00:00:00 GMT Cloud & Infra Key management: KMS basics and common failures https://protoxol.com/blog/key-management-kms-basics-and-common-failures.html https://protoxol.com/blog/key-management-kms-basics-and-common-failures.html Sat, 27 Dec 2025 00:00:00 GMT Cloud & Infra DNS as a control plane: detecting exfiltration patterns https://protoxol.com/blog/dns-as-a-control-plane-detecting-exfiltration-patterns.html https://protoxol.com/blog/dns-as-a-control-plane-detecting-exfiltration-patterns.html Sat, 27 Dec 2025 00:00:00 GMT Threat Trends Okta / IdP incidents: hardening identity providers https://protoxol.com/blog/okta-idp-incidents-hardening-identity-providers.html https://protoxol.com/blog/okta-idp-incidents-hardening-identity-providers.html Thu, 25 Dec 2025 00:00:00 GMT Threat Trends SOC staffing models: 24/7 coverage without burnout https://protoxol.com/blog/soc-staffing-models-24-7-coverage-without-burnout.html https://protoxol.com/blog/soc-staffing-models-24-7-coverage-without-burnout.html Tue, 23 Dec 2025 00:00:00 GMT Education Password managers for enterprises: rollout plan and pitfalls https://protoxol.com/blog/password-managers-for-enterprises-rollout-plan-and-pitfalls.html https://protoxol.com/blog/password-managers-for-enterprises-rollout-plan-and-pitfalls.html Tue, 23 Dec 2025 00:00:00 GMT Practical Guides Data loss prevention for modern SaaS: a pragmatic approach https://protoxol.com/blog/data-loss-prevention-for-modern-saas-a-pragmatic-approach.html https://protoxol.com/blog/data-loss-prevention-for-modern-saas-a-pragmatic-approach.html Mon, 22 Dec 2025 00:00:00 GMT Cloud & Infra Data sovereignty: what changes with regions and cloud https://protoxol.com/blog/data-sovereignty-what-changes-with-regions-and-cloud.html https://protoxol.com/blog/data-sovereignty-what-changes-with-regions-and-cloud.html Thu, 18 Dec 2025 00:00:00 GMT Compliance Detection engineering: writing detections that survive production https://protoxol.com/blog/detection-engineering-writing-detections-that-survive-production.html https://protoxol.com/blog/detection-engineering-writing-detections-that-survive-production.html Thu, 18 Dec 2025 00:00:00 GMT Threat Trends How to build an incident response retainer that actually helps https://protoxol.com/blog/how-to-build-an-incident-response-retainer-that-actually-helps.html https://protoxol.com/blog/how-to-build-an-incident-response-retainer-that-actually-helps.html Thu, 18 Dec 2025 00:00:00 GMT Practical Guides Browser-based attacks: modern exploit chains to watch https://protoxol.com/blog/browser-based-attacks-modern-exploit-chains-to-watch.html https://protoxol.com/blog/browser-based-attacks-modern-exploit-chains-to-watch.html Wed, 17 Dec 2025 00:00:00 GMT Threat Trends Incident response playbook: roles, timelines, and comms https://protoxol.com/blog/incident-response-playbook-roles-timelines-and-comms.html https://protoxol.com/blog/incident-response-playbook-roles-timelines-and-comms.html Wed, 17 Dec 2025 00:00:00 GMT Practical Guides SOC as a Service: what you get and what to ask before buying https://protoxol.com/blog/soc-as-a-service-what-you-get-and-what-to-ask-before-buying.html https://protoxol.com/blog/soc-as-a-service-what-you-get-and-what-to-ask-before-buying.html Tue, 16 Dec 2025 00:00:00 GMT Concepts Base Mobile device security for leadership (BYOD without regret) https://protoxol.com/blog/mobile-device-security-for-leadership-byod-without-regret.html https://protoxol.com/blog/mobile-device-security-for-leadership-byod-without-regret.html Sat, 13 Dec 2025 00:00:00 GMT Devices Secure coding: top 10 patterns that prevent incidents https://protoxol.com/blog/secure-coding-top-10-patterns-that-prevent-incidents.html https://protoxol.com/blog/secure-coding-top-10-patterns-that-prevent-incidents.html Mon, 08 Dec 2025 00:00:00 GMT Education Tabletop exercises: running a cyber crisis simulation https://protoxol.com/blog/tabletop-exercises-running-a-cyber-crisis-simulation.html https://protoxol.com/blog/tabletop-exercises-running-a-cyber-crisis-simulation.html Mon, 08 Dec 2025 00:00:00 GMT Education GIAC certifications: picking the right track for your domain https://protoxol.com/blog/giac-certifications-picking-the-right-track-for-your-domain.html https://protoxol.com/blog/giac-certifications-picking-the-right-track-for-your-domain.html Sun, 07 Dec 2025 00:00:00 GMT Certifications Threat intelligence program: what to collect and how to use it https://protoxol.com/blog/threat-intelligence-program-what-to-collect-and-how-to-use-it.html https://protoxol.com/blog/threat-intelligence-program-what-to-collect-and-how-to-use-it.html Tue, 02 Dec 2025 00:00:00 GMT Recovery Secure browser isolation: when it makes sense https://protoxol.com/blog/secure-browser-isolation-when-it-makes-sense.html https://protoxol.com/blog/secure-browser-isolation-when-it-makes-sense.html Sun, 30 Nov 2025 00:00:00 GMT Cloud & Infra Shadow IT: discovery and governance without blocking teams https://protoxol.com/blog/shadow-it-discovery-and-governance-without-blocking-teams.html https://protoxol.com/blog/shadow-it-discovery-and-governance-without-blocking-teams.html Sun, 30 Nov 2025 00:00:00 GMT Education XSS: modern exploitation paths and defenses https://protoxol.com/blog/xss-modern-exploitation-paths-and-defenses.html https://protoxol.com/blog/xss-modern-exploitation-paths-and-defenses.html Tue, 25 Nov 2025 00:00:00 GMT Ethical Hacking Insider threat: detection signals and fair policy design https://protoxol.com/blog/insider-threat-detection-signals-and-fair-policy-design.html https://protoxol.com/blog/insider-threat-detection-signals-and-fair-policy-design.html Mon, 24 Nov 2025 00:00:00 GMT Threat Trends