All Series
Infrastructure security and platform engineering — practitioner-written, practitioner-depth.
Each series is a complete curriculum: a structured sequence of posts that builds understanding from first principles to production-grade depth. Not a collection of loosely related articles.
Active
eBPF: From Kernel to Cloud
How Cilium, Falco, and Tetragon actually work at the kernel level. For SREs, platform engineers, and security practitioners running Kubernetes who want to understand what eBPF-based tools are doing — not just how to deploy them.
13 of 18 episodes published · Active, weekly Tuesdays
Kubernetes: From Borg to Platform Engineering
How Kubernetes went from Google’s internal Borg system in 2003 to the substrate for platform engineering in 2025. Covers the container wars, CNCF donation, RBAC adoption, the operator pattern, PSP deprecation, dockershim removal, eBPF integration, GitOps, and what shipped in v1.33–v1.35.
8 of 8 episodes published · Complete
Kubernetes CRDs & Operators: Extending the API
From what a CRD is through building a production operator with kubebuilder. Covers CRD schema, CEL validation, the controller reconcile loop, versioning with conversion webhooks, admission webhooks, and production patterns for finalizers and status conditions.
10 of 10 episodes published · Complete
Cloud IAM: From Zero to Master
AWS, GCP, and Azure access control from first principles to privilege escalation defense and Zero Trust architecture. Covers the deny-by-default model, cross-cloud IAM patterns, federation, and the attack paths through IAM that security teams need to know before an attacker finds them.
12 of 12 episodes published · Complete
The Identity Stack: From LDAP to Zero Trust
Enterprise authentication from the ground up: how LDAP was invented, how Kerberos works, what SSSD actually does on every Linux login, Active Directory internals, SAML and OIDC, and how to log into a Linux VM with Entra ID credentials. For Linux administrators and infrastructure practitioners who have used these tools but never had the full picture explained.
13 of 13 episodes published · Complete
OS Hardening as Code
Declarative OS hardening: declare your Linux security baseline in YAML, build it reproducibly across any cloud provider, get an automated compliance grade before deployment, and block unhardened images from reaching production. Built around Stratum, an open-core (Apache 2.0) hardening platform.
6 of 6 episodes published · Complete
Immutable OS: From Hardened Image to Self-Healing Infrastructure
The sequel to OS Hardening as Code: read-only root filesystems, atomic A/B image updates, and one-command rollback — for engineers who’ve hardened an image and want it to stay that way after boot #10,000. Covers ostree, bootc, Fedora CoreOS/Silverblue, and Talos Linux.
2 of 6 episodes published · Active
Zero to Hero: Cybersecurity Architecture Masterclass
Resilient, identity-centric security architecture from first principles: dismantling the castle-and-moat model, STRIDE threat modeling, hardening the AWS identity perimeter, surviving ransomware with immutable data, AI-assisted SecOps, and continuous validation.
6 of 6 modules published · Complete
Purple Team Playbook: Cloud, Kubernetes, and Linux Attack Paths
Red attacks, Blue detects, Purple defends. Real breach anatomy — MFA fatigue at Uber, SSRF at Capital One, SolarWinds and XZ Utils — mapped to OWASP Top 10 and turned into detection rules and defense-in-depth you can actually deploy.
11 of 13 episodes published · Active
OWASP LLM Top 10: From Web Roots to AI Frontiers
How OWASP’s classic assumptions — deterministic behavior, parseable input, enumerable permissions — break down for LLM applications, and what the OWASP LLM Top 10 (2025) actually requires. Written by an infrastructure security architect, not an ML researcher.
2 of 22 episodes published, 5 more scheduled through late July · Active
Identity in the Agentic Era
AI agents are non-human identities, and most teams are repeating every IAM anti-pattern from the cloud-native era — faster, with actors that are autonomous and manipulable. Covers RAG access control, OIDC workload identity for LLM pipelines, and zero trust for agentic architectures.
3 of 6 episodes scheduled, publishing through July 13 · Active
Kubernetes Ecosystem: From User to Contributor
MicroK8s, Minikube, Rancher, Crossplane, Karpenter, and their closest companions — profiled the way their own maintainers would explain them, then pushed one step further into where each tool actually falls short and what a real contribution there would look like.
10 of 10 episodes scheduled, publishing every alternate day from July 11 · Active
Get new episodes in your inbox → linuxcent.com/subscribe