t34ch.tech
Technology & Security Education


Writing and courses at the intersection of technology, security, and the craft of building systems that last.

Drawn from practice. Written to be useful.

20+ years in practice · 32 published articles · 5 courses · 8 active projects
Featured Series
COLDBOOT
25-Part Series · From Power Button to Shell Prompt
How a computer actually starts. Every step, from voltage on a wire to a running shell. No prerequisites assumed.
Start Reading →
01 // Articles
00
How to Build Standard Operating Procedures in Chaos
Most SOPs are written after the crisis, filed in a wiki nobody reads, and forgotten until the next crisis. Here is how to write procedures that survive contact with reality.
01
Incident Response Fundamentals
The IR lifecycle, triage discipline, evidence handling, containment decisions, and communication under pressure -- a field guide for analysts starting their first real response.
02
Dwell Time as a Security Metric: What It Tells You and What It Hides
Most response programs treat mean time to detect as a success metric. It is not — it is a lagging indicator dressed up as a KPI.
03
Using Language Models for Threat Intelligence Triage at Scale
Zero-shot classification against MITRE ATT&CK without a training corpus. What works, what does not, and where the technique breaks down.
04
SPAKE2 in Practice: Key Exchange for Low-Trust Peer Channels
A working implementation walkthrough with notes on entropy sourcing, nonce discipline, and where PAKE fits in a broader authentication architecture.
05
GeoDNS Without the Drama: Lessons from a Four-Node Mesh
Why we replaced Lua-based GeoDNS records with plain round-robin and a BGP overlay, and what we learned about operational complexity along the way.
06
mTLS + WebAuthn + DPoP: A Layered Authentication Stack
Three complementary protocols and why none of them is sufficient alone. A design walkthrough from first principles to production.
07
Physical Identifier Standards: GS1, ISO 15459, VIN, and the Gaps Between Them
What every long-lived object tracking system can learn from automotive and logistics. A survey of what works and where the seams show.
08
Sound as Cognitive Signal: Designing Alert Vocabularies for Security Operations
Additive synthesis, FM synthesis, and the psychoacoustics of urgency. How to build an auditory icon system that actually communicates severity.
09
One-Time Pad Key Material: Substrate Selection Under Constraint
Nitrocellulose, silk, and mulberry paper. Physical key material for hand ciphers under adversarial threat models, from entropy sourcing to destruction.
02 // Courses
Foundational · All Levels

Cold Boot

From power button to shell prompt. A 25-article series explaining how a computer actually starts -- voltage, firmware, bootloaders, kernel, filesystem, and shell. Every step, no prerequisites assumed.

Topics: Hardware · Firmware · Boot · Kernel · Filesystem · Shell
Duration: 10 hrs · Format: Self-Paced · Articles: 25 · Level: Beginner
Foundational · All Levels

Incident Response Operations

From alert to after-action report. Covers triage methodology, evidence preservation, containment decision trees, and structured communication under pressure. Grounded in 20 years of hands-on response work across enterprise environments.

Topics: Triage · Evidence Handling · Containment · After-Action · Communication
Duration: 8 hrs · Format: Self-Paced · Modules: 12 · Level: All
Intermediate · Cryptography

One-Time Pad Operational Training

The complete manual encryption system used in Cold War field operations. Mod-10 straddling checkerboard, key material handling, encrypt/decrypt pipelines. Interactive drills, timed exercises, and skill benchmarks build genuine operational proficiency.

Topics: One-Time Pad · Mod-10 Checkerboard · Key Material · COMSEC
Duration: 10 hrs · Format: Drill-Based · Modules: 13 · Level: Intermediate
Site: kmsp42.com (course at kmsp42.com/course)
Advanced · Engineering + Ops

Threat Hunting with ML and NLP

Apply language models, TensorFlow, and zero-shot classifiers to security telemetry. Build pipelines that surface behavioral anomalies without signature dependency. Real datasets, real tooling, real adversarial conditions.

Topics: NLP · TensorFlow · ATT&CK Mapping · Anomaly Detection · SIEM
Duration: 16 hrs · Format: Lab-Intensive · Modules: 20 · Level: Advanced
Practitioner · Security Leaders

Building Security Programs That Last

Not frameworks — outcomes. Covers metrics that matter, stakeholder communication, hiring and retaining analysts, and the organizational patterns that separate durable programs from ones that collapse under pressure.

Topics: Program Design · Metrics · Hiring · Stakeholders · Resilience
Duration: 6 hrs · Format: Workshop · Modules: 8 · Level: Leadership
03 // Standards
ISO/IEC 27001:2022
Information Security Management Systems

The international standard for establishing, implementing, maintaining, and continually improving an ISMS. Annex A controls, risk assessment methodology, Statement of Applicability, and certification audit preparation.

GCVE BCP-02
Vulnerability Handling and Disclosure

The complete vulnerability lifecycle -- from intake and severity assessment through coordinated disclosure. Covers response team structure, CVSS triage, 60-90 day disclosure timelines, researcher engagement, and advisory publication. Practical, actionable, built on real-world coordination experience.

MITRE ATT&CK
Adversary Tactics, Techniques & Common Knowledge

The common taxonomy for adversary behavior. Tactics, techniques, sub-techniques, and procedures mapped to real-world threat groups. Used for detection engineering, threat intelligence, and purple team exercises.

ISO 15459 / GS1
Unique Item Identification & Physical Identifiers

Standards for uniquely identifying physical objects across supply chains. Issuing agency codes, GTINs, SSCCs, serialization, and the bridge between physical items and digital records.
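The one piece of the GS1 keys above that every intake system should implement is the mod-10 check digit shared by GTIN-8/12/13/14 and SSCC-18. The following is an added example, not text from the standard or from this page; the identifiers in it are constructed for the demonstration and are not assigned to any real product or logistics unit. It also shows the error the check digit is blind to: an adjacent transposition of two digits that differ by 5.

```python
"""GS1 mod-10 check digit: compute, validate, and the transposition it misses.

Added example, not text from the standard or the page. The identifiers
used are constructed for the demonstration and are not assigned to any
real product or logistics unit.
"""

# Key lengths handled here; other GS1 keys (GLN, GRAI, ...) use the same
# check-digit rule but are omitted for brevity.
GS1_KEY_LENGTHS = {8: "GTIN-8", 12: "GTIN-12", 13: "GTIN-13", 14: "GTIN-14", 18: "SSCC"}


def gs1_check_digit(body):
    """Check digit for a key body (every digit except the last).
    Weights run 3,1,3,1,... starting from the rightmost body digit."""
    if not body.isdigit():
        raise ValueError("GS1 identification keys are numeric")
    total = sum(int(d) * (3 if i % 2 == 0 else 1) for i, d in enumerate(reversed(body)))
    return (10 - total % 10) % 10


def validate_gs1(key):
    """Return the key type if the length is known and the check digit matches, else None.
    Keys are strings: leading zeros are significant, so never round-trip them through int."""
    kind = GS1_KEY_LENGTHS.get(len(key))
    if kind is None or not key.isdigit():
        return None
    return kind if gs1_check_digit(key[:-1]) == int(key[-1]) else None


def swap_adjacent(key, i):
    """Simulate the most common data-entry error: transposing positions i and i+1."""
    k = list(key)
    k[i], k[i + 1] = k[i + 1], k[i]
    return "".join(k)


def undetected_transpositions(key):
    """Body positions where swapping two different adjacent digits still validates.
    With weights 3 and 1 the weighted sum changes by 2*(a-b), which is 0 mod 10
    exactly when |a-b| == 5, so those swaps pass the check digit unnoticed."""
    return [
        i for i in range(len(key) - 2)          # stay inside the body; exclude the check digit
        if key[i] != key[i + 1] and validate_gs1(swap_adjacent(key, i)) is not None
    ]


if __name__ == "__main__":
    for k in ("1234567890128", "012345678905", "106141411234567897", "0512345678900", "1234567890123"):
        print(k, validate_gs1(k), undetected_transpositions(k))
```

Treat the check digit as a typo filter at intake, not as authentication: it is public arithmetic, so any forged or duplicated identifier will pass it, and uniqueness still has to be enforced against the issuing agency's allocation and your own registry.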