Building Mission Control Playbooks
How automation, AI copilots, and clear decision loops shorten the distance between detection and response.
Every major incident I have supported over the past decade shared the same constraint: human attention. Analysts were buried in alerts, collaboration channels became noisy, and leadership struggled to understand what mattered most.
Mission Control Playbooks started as a sketch on a whiteboard—"What if we could encode the best judgment of our top responders and make it available to everyone on the team?" The answer blended automation with human empathy.
Guiding principles
- Codify critical decisions. Each playbook documents the question we need to answer, who owns it, and the telemetry required.
- Automate the toil. Scripts and workflows collect evidence, enrich indicators, and stage recommended actions.
- Keep a human in the loop. Clear checkpoints allow responders to accept, modify, or reject the automated guidance.
The stack
We built the foundation with Azure Functions, Defender, and Sentinel. Copilots assist by summarizing log excerpts, generating draft comms, and suggesting hypotheses. Everything publishes into a shared Teams channel so executives, legal, and communications stay aligned.
Results so far
- 40% faster containment decisions for ransomware simulations.
- Analysts reclaimed hours per shift to focus on threat hunting.
- Leadership receives executive-ready updates in minutes, not hours.
The next frontier is augmenting these playbooks with simulation data. If you're experimenting with similar approaches, I'd love to compare notes.
Keep reading
View archiveCodex Security, One Month Later
I ran Codex Security against my own website twice about a month apart, and it has really improved. The second run felt less like watching a scan and more like working through a real security review. The exact tooling matters less than the habit. Run Dependabot, keep packages current, but do not stop there.
What I Built From a LinkedIn Data Archive and One Focused AI Session
I turned a LinkedIn data archive into reusable AI context, a speaker sheet, a use-cases guide, and a downloadable skill for repeating the workflow.
Here's one way I check for malicious IPs
AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. Here's a tool I wrote to query their API and data base of malicious IPs.