> WHAT BROKE · WHAT TO DETECT · WHAT TO SHIP

Defensive engineering intelligence,
one brief a week.

Security debt becomes an incident on a Tuesday morning you didn't see coming. Weekly Recon ships you one attack walked end to end, one detection you can adapt this week, and one defender move worth a PR before Friday. Cloud, agents, CI/CD, Kubernetes, supply chain. Whatever is actually breaking. Not link dumps. Not advisory headlines.

For cloud security engineers, product security engineers, detection engineers, platform engineers, AppSec, DevSecOps, and security engineering leaders. The people who write the IaC, ship the rules, and own the alert at 02:00.

Or read recent briefings first →

> By R.K. Chidambaram. OSCP + OAWSP + AWS Security Specialty + AWS Advanced Networking. 15+ years building and securing AWS, Kubernetes, CI/CD, detection, and supply-chain systems in production. Not slide decks.

> 01

What lands in your inbox every Tuesday

// attack of the week

What broke. How it breaks.

One attack walked end to end. The exact surface that fails, not the headline summary. Cloud, agents, CI/CD, Kubernetes, supply chain.

// rule of the week

What to detect.

A buildable detection idea you can stand up this week. Sigma sketch, Config rule, CloudTrail query, log signature. Catches the class, not just this week's incident.

// defender's corner

What to ship.

One defender move worth a PR before Friday. Named configs, named services. Concrete enough to land in a PR, not a roadmap.

> 02

Who writes this

R.K. Chidambaram

Cloud security engineer · Toronto

15+ years building and securing production systems on AWS and Kubernetes. I work on IAM, detection engineering, CI/CD security, software supply chain, and the agent-identity problems the industry is still figuring out. Weekly Recon is the brief I'd want in my own inbox on a Tuesday morning: one attack worth knowing, one rule worth building, one defender move worth shipping.

Written for engineers with a terminal open. No slide decks. No compliance theater. No vendor pitches dressed up as research.

Proof of work:

scan.defensive.works // GHA security scanner teampcp-goat // cloud supply-chain CTF raajhe.sh // engineering notes LinkedIn

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

> SUBSCRIBE

JavaScript is required to subscribe from this page. Email rk@defensive.works and I'll add you manually.

One brief every Tuesday, 09:00 ET. Free. Unsubscribe link in every email.