// writing
IT ops war stories, automation deep dives, and enterprise infrastructure lessons.
Several weeks after we enforced Okta Device Trust across our Windows fleet, 50 users couldn't log in on a Monday morning. The cause was an Intune update ring that hadn't done what we thought it had.
Why we left Jamf after six years, how we evaluated Kandji, and the wave-by-wave migration process that moved 550 employee devices without losing a single one.
Most SOX access reviews are a formality. Here's the tool I built to make them actually find something, with AI-powered new hire provisioning recommendations, 6 violation patterns, and a Claude-generated audit report.
A* pathfinding, Bresenham raycasting for fog of war, and procedural Web Audio synthesis — the three systems that make Derelict Command feel like a real game.
I needed a side project that had nothing to do with IT operations. So I built a 3D tactical roguelike in WebGL. Here's the architecture, the state management lessons, and how BSP map generation works.
The war story is already written. This is the planning tool I built from everything that went wrong, with phased timelines, wave size math, and platform-specific risk flags for whatever MDM pair you're running.
A P1 incident ends. Everyone is exhausted. Now you have 24 hours to write a structured postmortem. Here's the tool I built so that part takes 30 seconds instead of two hours.
Every access request was a Slack DM, then a form, then manual approval routing, then a Jira ticket. I collapsed that into one slash command.
GitHub EMU migration has no rollback. Here's the pre-flight toolkit I built after migrating 600 users and 2,300 repositories, and the things that nearly broke without it.
Every Okta tenant accumulates zombie integrations over time. Apps nobody uses, SCIM configs nobody maintains, integrations from tools that were sunset two years ago. Here's how I audited ours.
After getting 14 plugins returning data, I had a new problem: the same part appeared in four different formats across sources. Exact matching missed 60% of cross-source results. Here's how I fixed it.
Every IT manager says they have Joiner/Mover/Leaver automation. Here's the visual configurator I built based on running ADP-to-Okta lifecycle automation for 900 employees, and what breaks before it works.
Standard scrapers get blocked immediately on most dealer sites. Here's the fingerprinting problem, why Playwright alone doesn't solve it, and how Camoufox changed everything.
SOC2 prep starts with a spreadsheet and ends with an auditor. Here's the tool I built to give IT teams a live view of their gap state across all 5 Trust Services Criteria, without the manual work.
Finding OEM parts across 18+ supplier sources is entirely manual. I decided to build a scraper orchestrator. Here's the architecture I landed on and why the naive approach doesn't work.
My M1 MacBook would drop Wi-Fi or lose DNS silently, 3–4 times a week. The fix was always the same four steps. So I automated them.
Most health-adjacent companies don't know their HIPAA gap state until an auditor tells them. Here's the tool I built to surface it in under 10 minutes, including a BAA tracker and SOC2 crosswalk.
Most IT teams track SaaS in spreadsheets and audit it once a quarter. By then the damage is done. Here's the tool I built to surface waste continuously.
Manual triage was costing my team 2–5 minutes per ticket, every ticket, every day. Here's the Streamlit app that killed that workflow.