Sep 18, 2024

Building Mission Control Playbooks

How automation, AI copilots, and clear decision loops shorten the distance between detection and response.

1 min read
Building Mission Control Playbooks

Every major incident I have supported over the past decade shared the same constraint: human attention. Analysts were buried in alerts, collaboration channels became noisy, and leadership struggled to understand what mattered most.

Mission Control Playbooks started as a sketch on a whiteboard—"What if we could encode the best judgment of our top responders and make it available to everyone on the team?" The answer blended automation with human empathy.

Guiding principles

  1. Codify critical decisions. Each playbook documents the question we need to answer, who owns it, and the telemetry required.
  2. Automate the toil. Scripts and workflows collect evidence, enrich indicators, and stage recommended actions.
  3. Keep a human in the loop. Clear checkpoints allow responders to accept, modify, or reject the automated guidance.

The stack

We built the foundation with Azure Functions, Defender, and Sentinel. Copilots assist by summarizing log excerpts, generating draft comms, and suggesting hypotheses. Everything publishes into a shared Teams channel so executives, legal, and communications stay aligned.

Results so far

  • 40% faster containment decisions for ransomware simulations.
  • Analysts reclaimed hours per shift to focus on threat hunting.
  • Leadership receives executive-ready updates in minutes, not hours.

The next frontier is augmenting these playbooks with simulation data. If you're experimenting with similar approaches, I'd love to compare notes.

View archive
Jul 3, 2026

Codex Security, One Month Later

I ran Codex Security against my own website twice about a month apart, and it has really improved. The second run felt less like watching a scan and more like working through a real security review. The exact tooling matters less than the habit. Run Dependabot, keep packages current, but do not stop there.

#ai#cybersecurity#tools
Mar 8, 2026

What I Built From a LinkedIn Data Archive and One Focused AI Session

I turned a LinkedIn data archive into reusable AI context, a speaker sheet, a use-cases guide, and a downloadable skill for repeating the workflow.

#ai#tools#writing
May 3, 2020

Here's one way I check for malicious IPs

AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. Here's a tool I wrote to query their API and data base of malicious IPs.

#tools#dfir