https://7f57629a.jeremiahwindle.pages.dev/categories/security/Recent content in Security on Jeremiah WindleHugoen-usWed, 18 Mar 2026 00:00:00 +0000https://7f57629a.jeremiahwindle.pages.dev/blog/siem-platforms-compared/Wed, 18 Mar 2026 00:00:00 +0000https://7f57629a.jeremiahwindle.pages.dev/blog/siem-platforms-compared/Most SIEM comparisons are written by vendors or analysts who’ve seen the demos. This one is written by someone who’s used these platforms in production — ingesting real logs, tuning real alerts, and investigating real incidents across dozens of client environments. Here’s what actually matters. The Three Platforms I’ve had meaningful production time with: Kibana (ELK Stack) — primary SIEM at my current MSP for security operations across municipal government clients Perch Security — co-managed SIEM platform purpose-built for MSPs, used across 40+ client organizations Splunk — exposure through client environments and hands-on study; included here for completeness against the standard that everyone measures against Kibana (ELK Stack) Kibana is the visualization layer on top of Elasticsearch and Logstash — the “K” in ELK.https://7f57629a.jeremiahwindle.pages.dev/blog/conditional-access-policies/Sat, 28 Feb 2026 00:00:00 +0000https://7f57629a.jeremiahwindle.pages.dev/blog/conditional-access-policies/Conditional Access is one of those features where the gap between “we have it enabled” and “we have it configured correctly” is wide enough that attackers drive through it regularly. I’ve managed CA policies across 100+ organizations at two MSPs. Here’s the framework I’ve landed on. The Foundation: What CA Actually Is Conditional Access is Entra ID’s policy engine. Every sign-in attempt hits it, and the policy evaluates conditions — who is signing in, from where, on what device, to what application — and makes a decision: allow, block, or allow with requirements (MFA, compliant device, etc.