RMF Step by Step: What the Framework Actually Requires (and What It Doesn't)
Most practitioners know the steps. Fewer understand where the flexibility actually lives. This breaks it down without the NIST formalism.
The notes from my board — guides, runbooks, news analysis, and practitioner observations on what's actually happening in cybersecurity. Written for colleagues, not classrooms.
I have a physical board behind my desk covered in sticky notes. Topics I'm tracking. Things that clicked. Runbooks I built for myself before I realized someone else might need them. News that mattered and my take on why.
This page is the digital version of that board. It's not a course. It's not polished for a general audience. It's practitioner-to-practitioner — the kind of notes you'd share with your colleague over Teams.
If you're maintaining certifications, staying current, or just trying to think more clearly about a problem — you're in the right place.
Everything falls into one of these buckets. Each one is worth a different kind of attention.
Guides: Topic deep-dives written from experience — not from a textbook. Frameworks, concepts, and controls explained the way a practitioner would explain them to a colleague.
Runbooks: Operational, step-by-step. Built because I needed them first. Each one is something I've actually run in my homelab or tested in a real environment — not theoretical procedures.
Analysis: Current advisories, vulnerabilities, and incidents — with context. Not a feed. A practitioner's take on what actually matters and what the implications are for your environment.
Observations: Shorter notes on patterns, lessons, and things I keep seeing in the field. The kind of thing you'd write on a sticky note and tape to your monitor so you don't forget it.
Latest guides, runbooks, and analysis — sorted by what's most useful right now.
A practical IR process for small-to-mid security teams. Roles, actions, decision points — without assuming you have eight analysts on shift.
Every firewall company sells Zero Trust now. Here's what the NIST definition actually says and why it matters for your architecture conversations.
These notes come from someone who has held the certifications, sat the exams, and maintained the continuing education requirements — for over a decade. This isn't commentary from the sidelines.
Content on this site may qualify toward CPE/CEU requirements for ISACA, CompTIA, and other certifying bodies — verify with your organization's continuing education policy.