<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>Pavel Glukhikh — Engineering Publication</title><description>Articles, research, whitepapers, and engineering notes by Pavel Glukhikh: enterprise architecture, AI integrity, cybersecurity, infrastructure, and leadership.</description><link>https://iampavel.com/</link><language>en-us</language><managingEditor>me@iampavel.com (Pavel Glukhikh)</managingEditor>
<item><title>Network Segmentation That Survives the Real World</title><link>https://iampavel.com/cybersecurity/network-segmentation-strategy/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/network-segmentation-strategy/</guid><description>How to design network segmentation an enterprise can operate: zone models, enforcement points, identity integration, and a migration path from flat networks.</description><pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate></item>
<item><title>Technology roadmaps as decision records, not Gantt theater</title><link>https://iampavel.com/leadership/technology-roadmaps/</link><guid isPermaLink="true">https://iampavel.com/leadership/technology-roadmaps/</guid><description>A technology roadmap is a set of decision records over time, not Gantt theater. How to anchor to EOL realities, sequence by risk, and re-plan quarterly.</description><pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate></item>
<item><title>Critical infrastructure protection: a dependency problem</title><link>https://iampavel.com/industrial-systems/critical-infrastructure-protection/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/critical-infrastructure-protection/</guid><description>Critical infrastructure protection explained by dependency: sector interdependencies, CISA and NERC CIP context, and the defenses that matter to operators.</description><pubDate>Fri, 03 Jul 2026 00:00:00 GMT</pubDate></item>
<item><title>An enterprise AI adoption framework that survives contact</title><link>https://iampavel.com/ai/enterprise-ai-adoption-framework/</link><guid isPermaLink="true">https://iampavel.com/ai/enterprise-ai-adoption-framework/</guid><description>A staged enterprise AI adoption framework from an architect&apos;s seat: use-case triage, build vs buy vs wait, platform foundations, and metrics that matter.</description><pubDate>Thu, 02 Jul 2026 00:00:00 GMT</pubDate></item>
<item><title>Operational Resilience: Engineering Systems That Survive</title><link>https://iampavel.com/cybersecurity/operational-resilience/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/operational-resilience/</guid><description>Operational resilience as an engineered property: failure domains, degraded-mode design, tested RTO over dashboard uptime, and real failover discipline.</description><pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate></item>
<item><title>Static sites on Cloudflare Workers static assets</title><link>https://iampavel.com/notes/cloudflare-workers-static-sites/</link><guid isPermaLink="true">https://iampavel.com/notes/cloudflare-workers-static-sites/</guid><description>Serving a static Astro build from Cloudflare Workers: trailing slashes, custom 404s, caching, and the one-command deploy loop — this site&apos;s exact setup.</description><pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate></item>
<item><title>AI risk management for engineers, not auditors</title><link>https://iampavel.com/ai/ai-risk-management/</link><guid isPermaLink="true">https://iampavel.com/ai/ai-risk-management/</guid><description>AI risk management that engineers can run: a five-domain taxonomy, assessments that produce decisions, NIST AI RMF mapping, and monitoring that closes the loop.</description><pubDate>Tue, 30 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Digital transformation without the theater</title><link>https://iampavel.com/leadership/digital-transformation/</link><guid isPermaLink="true">https://iampavel.com/leadership/digital-transformation/</guid><description>What digital transformation actually gets funded to mean, why most programs fail, and how to tell a real modernization program from an expensive show.</description><pubDate>Mon, 29 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Infrastructure modernization without the theater</title><link>https://iampavel.com/infrastructure/infrastructure-modernization/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/infrastructure-modernization/</guid><description>An infrastructure modernization approach without transformation theater: what to replace, what to keep, strangler patterns, funding, and risk-first sequencing.</description><pubDate>Sun, 28 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Zero Trust Architecture: What It Is and What It Isn&apos;t</title><link>https://iampavel.com/cybersecurity/zero-trust-architecture/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/zero-trust-architecture/</guid><description>Zero trust architecture explained by a practitioner: the policy decision model, identity as control plane, migration sequencing, and what it won&apos;t fix.</description><pubDate>Sat, 27 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Autonomous infrastructure: how far can self-healing go?</title><link>https://iampavel.com/research/autonomous-infrastructure/</link><guid isPermaLink="true">https://iampavel.com/research/autonomous-infrastructure/</guid><description>An investigation into closed-loop infrastructure automation — from auto-remediation to AI-driven operations — and where human accountability must survive.</description><pubDate>Thu, 18 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Cloud architecture: decisions that matter more than the venue</title><link>https://iampavel.com/infrastructure/cloud-architecture/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/cloud-architecture/</guid><description>Cloud architecture as engineering, not ideology: landing zones, identity, network, data gravity, and egress economics — the decisions that actually matter.</description><pubDate>Wed, 17 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>OT remote access architecture: vendor access without regret</title><link>https://iampavel.com/industrial-systems/ot-remote-access-architecture/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/ot-remote-access-architecture/</guid><description>Safe remote access to industrial control systems: jump architecture, session brokering, MFA, break-glass paths, and what should never be exposed.</description><pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>RAG architecture for the enterprise</title><link>https://iampavel.com/ai/rag-architecture-for-the-enterprise/</link><guid isPermaLink="true">https://iampavel.com/ai/rag-architecture-for-the-enterprise/</guid><description>Enterprise RAG architecture end to end: pipeline design, chunking and index tradeoffs, permission-aware retrieval, and measuring grounding faithfulness.</description><pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Infrastructure as Code Is an Operating Model, Not a Tool</title><link>https://iampavel.com/infrastructure/infrastructure-as-code-operating-model/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/infrastructure-as-code-operating-model/</guid><description>Infrastructure as code beyond the tooling: repo structure, review gates, drift management, state security, and CI/CD pipelines that make IaC trustworthy.</description><pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Kubernetes in production: what it is and when it earns it</title><link>https://iampavel.com/infrastructure/kubernetes/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/kubernetes/</guid><description>Kubernetes explained as a control loop over desired state: when it earns its complexity, the production-readiness territory, and what operating it costs.</description><pubDate>Wed, 03 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Hybrid Cloud Landing Zone</title><link>https://iampavel.com/architecture-library/hybrid-cloud-landing-zone/</link><guid isPermaLink="true">https://iampavel.com/architecture-library/hybrid-cloud-landing-zone/</guid><description>Reference architecture for a hybrid cloud landing zone: account structure, identity federation, VPN/DX connectivity, policy guardrails, and cost visibility.</description><pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate></item>
<item><title>Gaming leadership is real leadership</title><link>https://iampavel.com/leadership/gaming-leadership-real-skills/</link><guid isPermaLink="true">https://iampavel.com/leadership/gaming-leadership-real-skills/</guid><description>A serious look at leading large gaming organizations — EVE Online corporations and alliances — and the management skills that transfer to the workplace.</description><pubDate>Sat, 30 May 2026 00:00:00 GMT</pubDate></item>
<item><title>Responsible AI: an engineering definition that holds</title><link>https://iampavel.com/ai/responsible-ai/</link><guid isPermaLink="true">https://iampavel.com/ai/responsible-ai/</guid><description>Responsible AI decomposed into engineering terms: integrity, security, accountability, and transparency, and the operational controls that make each real.</description><pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate></item>
<item><title>AI governance: decision rights, evidence, and control</title><link>https://iampavel.com/ai/ai-governance/</link><guid isPermaLink="true">https://iampavel.com/ai/ai-governance/</guid><description>What AI governance actually is: decision rights backed by evidence, the artifact set that makes it real, and where the EU AI Act and NIST AI RMF fit.</description><pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate></item>
<item><title>An AI Integrity Reference Model for the Enterprise</title><link>https://iampavel.com/whitepapers/ai-integrity-reference-model/</link><guid isPermaLink="true">https://iampavel.com/whitepapers/ai-integrity-reference-model/</guid><description>A four-layer reference model for AI integrity — data, model behavior, interaction security, accountability — with control objectives and NIST AI RMF mapping.</description><pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate></item>
<item><title>How I Run a Security Architecture Review (With Checklist)</title><link>https://iampavel.com/cybersecurity/security-architecture-review-checklist/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/security-architecture-review-checklist/</guid><description>A working security architecture review method: data-flow-first analysis, trust boundary mapping, the questions that expose real risk, and a usable checklist.</description><pubDate>Tue, 19 May 2026 00:00:00 GMT</pubDate></item>
<item><title>Zero trust: what it means, what it isn&apos;t, where to start</title><link>https://iampavel.com/cybersecurity/zero-trust/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/zero-trust/</guid><description>What zero trust actually means, where it came from, and how to start: a practitioner&apos;s orientation to the model, the ecosystem, and the first moves.</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate></item>
<item><title>Ransomware defense: a lifecycle map, not a product list</title><link>https://iampavel.com/cybersecurity/ransomware-defense/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/ransomware-defense/</guid><description>Ransomware defense mapped as a lifecycle — prevent, contain, survive, recover — and the engineering decisions at each stage that decide the outcome.</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate></item>
<item><title>Engineering management: what the job actually is</title><link>https://iampavel.com/leadership/engineering-management/</link><guid isPermaLink="true">https://iampavel.com/leadership/engineering-management/</guid><description>Engineering management without the clichés: decision quality, context distribution, operational accountability, the IC transition, and the anti-patterns.</description><pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate></item>
<item><title>Operational technology: computers whose output is physics</title><link>https://iampavel.com/industrial-systems/operational-technology/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/operational-technology/</guid><description>What operational technology is, why OT and IT grew apart, and how data, remote access, and AI are forcing them back together. From four years on plant networks.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>SCADA security: a practitioner&apos;s map of the discipline</title><link>https://iampavel.com/industrial-systems/scada-security/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/scada-security/</guid><description>SCADA security explained by an engineer who ran plant control networks: why OT differs from IT, the real threat model, and the control set that works.</description><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>VPN architecture patterns and when VPN is the wrong answer</title><link>https://iampavel.com/networking/vpn-architecture-patterns/</link><guid isPermaLink="true">https://iampavel.com/networking/vpn-architecture-patterns/</guid><description>VPN architecture from an operator&apos;s seat: site-to-site vs remote access, WireGuard vs IPsec vs TLS, split vs full tunnel, and where ZTNA replaces the VPN.</description><pubDate>Tue, 21 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>OT/IT convergence: a strategy operations will accept</title><link>https://iampavel.com/industrial-systems/ot-it-convergence-strategy/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/ot-it-convergence-strategy/</guid><description>OT/IT convergence beyond the buzzword: shared services that work, the patching reality, who owns the boundary firewall, and earning trust with operations.</description><pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>Network documentation that works: the minimum artifact set</title><link>https://iampavel.com/networking/network-documentation-that-works/</link><guid isPermaLink="true">https://iampavel.com/networking/network-documentation-that-works/</guid><description>The network documentation that gets used and stays current: L3 diagrams, IPAM, patch records, change logs, and the docs-as-code workflow that keeps them alive.</description><pubDate>Sat, 18 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>Observability Platform Architecture</title><link>https://iampavel.com/architecture-library/observability-platform/</link><guid isPermaLink="true">https://iampavel.com/architecture-library/observability-platform/</guid><description>Reference architecture for observability: metrics, logs, and trace pipelines, tiered storage, retention economics, alert routing, and dashboard governance.</description><pubDate>Thu, 16 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>AI evaluation in production: evals as regression tests</title><link>https://iampavel.com/ai/evaluating-ai-systems-in-production/</link><guid isPermaLink="true">https://iampavel.com/ai/evaluating-ai-systems-in-production/</guid><description>A working AI evaluation program: golden sets that gate releases, drift monitoring, human review sampling, and incident thresholds that trigger a rollback.</description><pubDate>Tue, 14 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>Cloud vs On-Premises: An Honest Decision Framework</title><link>https://iampavel.com/infrastructure/cloud-vs-onprem-decision-framework/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/cloud-vs-onprem-decision-framework/</guid><description>A cloud vs on-premises framework built on real constraints: egress costs, data gravity, compliance, latency, and staffing — and why hybrid is the usual answer.</description><pubDate>Tue, 14 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>From engineer to executive: what changes, what to keep</title><link>https://iampavel.com/leadership/from-engineer-to-executive/</link><guid isPermaLink="true">https://iampavel.com/leadership/from-engineer-to-executive/</guid><description>The engineer to executive path through its real transitions — IC to lead to manager to executive — what each takes from you and what to refuse to give up.</description><pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>Resilient Multi-Site Infrastructure Design</title><link>https://iampavel.com/whitepapers/resilient-multi-site-infrastructure/</link><guid isPermaLink="true">https://iampavel.com/whitepapers/resilient-multi-site-infrastructure/</guid><description>Designing infrastructure that survives site loss: failure domains, active-active vs active-passive, replication and RPO/RTO math, and failover testing.</description><pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>Datacenter energy as the binding constraint on computing</title><link>https://iampavel.com/research/datacenter-energy-constraints/</link><guid isPermaLink="true">https://iampavel.com/research/datacenter-energy-constraints/</guid><description>Why power availability — not chips or capital — is becoming the limiting factor for AI-era infrastructure, and what it means for architecture decisions today.</description><pubDate>Thu, 02 Apr 2026 00:00:00 GMT</pubDate></item>
<item><title>Incident Response From the Infrastructure Seat</title><link>https://iampavel.com/cybersecurity/incident-response-for-infrastructure-teams/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/incident-response-for-infrastructure-teams/</guid><description>Incident response for infrastructure teams: the preparation artifacts that matter, containment calls under pressure, and balancing evidence with recovery.</description><pubDate>Tue, 17 Mar 2026 00:00:00 GMT</pubDate></item>
<item><title>Measuring AI Integrity: Toward Useful Metrics</title><link>https://iampavel.com/research/measuring-ai-integrity/</link><guid isPermaLink="true">https://iampavel.com/research/measuring-ai-integrity/</guid><description>An active research program on measuring AI integrity: why accuracy metrics miss it, dimensions like grounding faithfulness, and harness design.</description><pubDate>Thu, 12 Mar 2026 00:00:00 GMT</pubDate></item>
<item><title>Proxmox cluster quorum and QDevice setup</title><link>https://iampavel.com/notes/proxmox-cluster-quorum/</link><guid isPermaLink="true">https://iampavel.com/notes/proxmox-cluster-quorum/</guid><description>Why two-node Proxmox clusters lock up, how corosync counts votes, setting up a corosync QDevice tiebreaker, and the safe node-maintenance procedure.</description><pubDate>Sun, 08 Mar 2026 00:00:00 GMT</pubDate></item>
<item><title>Active Directory hardening: the first 10 moves</title><link>https://iampavel.com/notes/active-directory-hardening-quick-wins/</link><guid isPermaLink="true">https://iampavel.com/notes/active-directory-hardening-quick-wins/</guid><description>Ten AD hardening quick wins in priority order: admin tiering, Windows LAPS, killing NTLMv1 and SMBv1, krbtgt rotation, and audit policy that catches abuse.</description><pubDate>Thu, 05 Mar 2026 00:00:00 GMT</pubDate></item>
<item><title>OT Network Reference Architecture</title><link>https://iampavel.com/architecture-library/ot-network-reference/</link><guid isPermaLink="true">https://iampavel.com/architecture-library/ot-network-reference/</guid><description>Purdue-informed OT network reference: zones and conduits, industrial DMZ, unidirectional gateway options, secure remote access, and sensor placement.</description><pubDate>Thu, 05 Mar 2026 00:00:00 GMT</pubDate></item>
<item><title>Network troubleshooting methodology that finds root cause</title><link>https://iampavel.com/networking/network-troubleshooting-methodology/</link><guid isPermaLink="true">https://iampavel.com/networking/network-troubleshooting-methodology/</guid><description>A network troubleshooting method that survives real outages: OSI layering used correctly, the ping-to-packet-capture tooling ladder, and symptom traps to avoid.</description><pubDate>Tue, 03 Mar 2026 00:00:00 GMT</pubDate></item>
<item><title>The ICS threat landscape: what actually hits operators</title><link>https://iampavel.com/industrial-systems/ics-threat-landscape/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/ics-threat-landscape/</guid><description>A realistic ICS threat landscape for operators: ransomware spillover, exposed devices, vendor access — and what Stuxnet through PIPEDREAM really teach.</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate></item>
<item><title>LLM security: threats and defensive architecture</title><link>https://iampavel.com/ai/securing-llm-applications/</link><guid isPermaLink="true">https://iampavel.com/ai/securing-llm-applications/</guid><description>A practical LLM security threat model — prompt injection, data exfiltration, tool abuse, supply chain — and the defensive architecture that contains them.</description><pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate></item>
<item><title>What a client technology leader actually does</title><link>https://iampavel.com/leadership/client-technology-leadership/</link><guid isPermaLink="true">https://iampavel.com/leadership/client-technology-leadership/</guid><description>Inside the client technology leader role: owning technical strategy for someone else&apos;s business, balancing delivery with innovation, and telling sales no.</description><pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate></item>
<item><title>Building a Home Lab With Production Discipline</title><link>https://iampavel.com/infrastructure/building-a-production-grade-lab/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/building-a-production-grade-lab/</guid><description>How to build an engineering home lab that mirrors production: hardware tiers, virtualization choices, network segmentation, and the skills worth practicing.</description><pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate></item>
<item><title>Building an ICS Security Program: A Blueprint</title><link>https://iampavel.com/whitepapers/ics-security-program-blueprint/</link><guid isPermaLink="true">https://iampavel.com/whitepapers/ics-security-program-blueprint/</guid><description>A blueprint for an industrial control system security program: governance, asset inventory, Purdue-informed architecture, OT monitoring, and incident response.</description><pubDate>Wed, 18 Feb 2026 00:00:00 GMT</pubDate></item>
<item><title>Prometheus cardinality control: find it, kill it</title><link>https://iampavel.com/notes/prometheus-cardinality-control/</link><guid isPermaLink="true">https://iampavel.com/notes/prometheus-cardinality-control/</guid><description>Hunting high-cardinality Prometheus series with tsdb analyze and topk queries, then killing them with relabel drops, limits, and recording rules.</description><pubDate>Wed, 11 Feb 2026 00:00:00 GMT</pubDate></item>
<item><title>Production Kubernetes Platform</title><link>https://iampavel.com/architecture-library/production-kubernetes-platform/</link><guid isPermaLink="true">https://iampavel.com/architecture-library/production-kubernetes-platform/</guid><description>Reference architecture for production Kubernetes: HA control plane, ingress, GitOps delivery, observability, backup, and multi-environment promotion.</description><pubDate>Thu, 22 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>Identity Security: Defending the Perimeter You Actually Have</title><link>https://iampavel.com/cybersecurity/identity-first-security/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/identity-first-security/</guid><description>Identity security in practice: the tiered admin model, where MFA belongs, taming service accounts, conditional access, and surviving an IdP compromise.</description><pubDate>Tue, 20 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>DNS architecture for resilience</title><link>https://iampavel.com/networking/dns-architecture-resilience/</link><guid isPermaLink="true">https://iampavel.com/networking/dns-architecture-resilience/</guid><description>DNS architecture that fails gracefully: authoritative/recursive separation, anycast, TTL strategy, DNSSEC tradeoffs, and the failure patterns behind outages.</description><pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>AI governance engineers won&apos;t route around</title><link>https://iampavel.com/ai/ai-governance-for-engineers/</link><guid isPermaLink="true">https://iampavel.com/ai/ai-governance-for-engineers/</guid><description>AI governance that ships as code: policy-as-code, model cards, audit trails, and the NIST AI RMF mapped to engineering artifacts your teams already produce.</description><pubDate>Tue, 13 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>Technical decision making that doesn&apos;t stall the team</title><link>https://iampavel.com/leadership/technical-decision-making/</link><guid isPermaLink="true">https://iampavel.com/leadership/technical-decision-making/</guid><description>A working system for technical decision making: decision records, reversible vs one-way doors, disagree-and-commit, and review boards that aren&apos;t theater.</description><pubDate>Tue, 13 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>Observability Stack Design: Metrics, Logs, Traces, and Cost</title><link>https://iampavel.com/infrastructure/observability-stack-design/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/observability-stack-design/</guid><description>How to design an observability stack that engineers trust: Prometheus and Loki-class architecture, retention and cost engineering, and symptom-based alerting.</description><pubDate>Tue, 13 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>SCADA Network Design: Polling, Protocols, and Redundancy</title><link>https://iampavel.com/industrial-systems/scada-network-design/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/scada-network-design/</guid><description>SCADA network design from the wire up: polling vs report-by-exception, Modbus and DNP3 security realities, redundancy, time sync, and remote site links.</description><pubDate>Mon, 12 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>Wildcard certificates with Let&apos;s Encrypt DNS-01</title><link>https://iampavel.com/notes/wildcard-certificates-dns01/</link><guid isPermaLink="true">https://iampavel.com/notes/wildcard-certificates-dns01/</guid><description>Issuing Let&apos;s Encrypt wildcard certificates via DNS-01 with acme.sh and certbot: API-token scoping, propagation pitfalls, and renewal monitoring that works.</description><pubDate>Tue, 06 Jan 2026 00:00:00 GMT</pubDate></item>
<item><title>Zero Trust for the Mid-Size Enterprise</title><link>https://iampavel.com/whitepapers/zero-trust-mid-size-enterprise/</link><guid isPermaLink="true">https://iampavel.com/whitepapers/zero-trust-mid-size-enterprise/</guid><description>A pragmatic zero trust architecture for 500–5,000-user organizations: what to build, what to buy, what to skip, with a phase plan grounded in NIST SP 800-207.</description><pubDate>Wed, 10 Dec 2025 00:00:00 GMT</pubDate></item>
<item><title>Secure Enterprise Campus Network</title><link>https://iampavel.com/architecture-library/secure-enterprise-network/</link><guid isPermaLink="true">https://iampavel.com/architecture-library/secure-enterprise-network/</guid><description>Reference architecture for a zoned campus and datacenter network: L3 core, firewall placement, NAC admission, and an isolated management plane.</description><pubDate>Tue, 09 Dec 2025 00:00:00 GMT</pubDate></item>
<item><title>Diagnosing BGP session flaps systematically</title><link>https://iampavel.com/notes/diagnosing-bgp-session-flaps/</link><guid isPermaLink="true">https://iampavel.com/notes/diagnosing-bgp-session-flaps/</guid><description>A field checklist for BGP session flaps: reading reset reasons, hold-timer analysis, MTU blackholes, dampening, and TCP resets — Cisco and FRR commands.</description><pubDate>Tue, 02 Dec 2025 00:00:00 GMT</pubDate></item>
<item><title>Backup Security: Protecting the Last Line From Attackers</title><link>https://iampavel.com/cybersecurity/backup-and-recovery-security/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/backup-and-recovery-security/</guid><description>Backup security design for the era when attackers hunt backups first: isolation architectures, immutability options, air gaps, and restore testing that counts.</description><pubDate>Tue, 25 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>Enterprise AI architecture patterns that hold up</title><link>https://iampavel.com/ai/enterprise-ai-architecture-patterns/</link><guid isPermaLink="true">https://iampavel.com/ai/enterprise-ai-architecture-patterns/</guid><description>Five enterprise AI architecture patterns — gateway, retrieval grounding, human-in-the-loop, evals, model portfolio — when each applies, plus the anti-patterns.</description><pubDate>Tue, 25 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>Managing engineering teams at scale: lessons from 30+</title><link>https://iampavel.com/leadership/managing-engineering-teams-at-scale/</link><guid isPermaLink="true">https://iampavel.com/leadership/managing-engineering-teams-at-scale/</guid><description>Managing engineering teams past the size where you know everything: operating rhythm, delegation layers, skip-levels, and keeping technical credibility.</description><pubDate>Tue, 25 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>BGP for enterprises: when you need it and how to run it</title><link>https://iampavel.com/networking/bgp-for-enterprises/</link><guid isPermaLink="true">https://iampavel.com/networking/bgp-for-enterprises/</guid><description>A practitioner&apos;s guide to BGP for enterprises: when multihoming justifies it, route filtering per RFC 7454 and MANRS, communities, and the classic mistakes.</description><pubDate>Mon, 24 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>The Purdue model in 2026: what still holds, what broke</title><link>https://iampavel.com/industrial-systems/purdue-model-modern-ot/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/purdue-model-modern-ot/</guid><description>An honest engineer&apos;s take on the Purdue model: the levels and OT DMZ explained, what cloud and IIoT actually broke, and how to apply it to real plants now.</description><pubDate>Thu, 20 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>Recovering VMware VMs after an ESXiArgs-class attack</title><link>https://iampavel.com/notes/esxi-ransomware-recovery/</link><guid isPermaLink="true">https://iampavel.com/notes/esxi-ransomware-recovery/</guid><description>Why ESXiArgs-style ransomware often leaves VM data intact, and the vmkfstools descriptor-rebuild procedure that brings encrypted VMs back without paying.</description><pubDate>Thu, 20 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>Kubernetes Troubleshooting: A Method That Always Finds It</title><link>https://iampavel.com/infrastructure/kubernetes-troubleshooting-method/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/kubernetes-troubleshooting-method/</guid><description>A systematic Kubernetes troubleshooting method — cluster, node, workload, network, storage — with the kubectl commands in order and common failure signatures.</description><pubDate>Tue, 18 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>etcd backup and restore on kubeadm clusters</title><link>https://iampavel.com/notes/etcd-backup-and-restore/</link><guid isPermaLink="true">https://iampavel.com/notes/etcd-backup-and-restore/</guid><description>Working notes on etcd snapshot and restore for kubeadm Kubernetes clusters: exact commands, the data-dir and cluster-token gotchas, and verification steps.</description><pubDate>Sat, 08 Nov 2025 00:00:00 GMT</pubDate></item>
<item><title>Servant leadership on engineering teams: what it means</title><link>https://iampavel.com/leadership/servant-leadership-in-engineering/</link><guid isPermaLink="true">https://iampavel.com/leadership/servant-leadership-in-engineering/</guid><description>What servant leadership actually looks like for technical teams: removing blockers, absorbing pressure, routing credit downward, and knowing when it fails.</description><pubDate>Tue, 14 Oct 2025 00:00:00 GMT</pubDate></item>
<item><title>Architecture that survives ransomware</title><link>https://iampavel.com/cybersecurity/ransomware-resilient-architecture/</link><guid isPermaLink="true">https://iampavel.com/cybersecurity/ransomware-resilient-architecture/</guid><description>How to design for ransomware resilience: tiered identity, isolated and immutable backups, recovery-time engineering, and lessons from the ESXiArgs campaign.</description><pubDate>Tue, 07 Oct 2025 00:00:00 GMT</pubDate></item>
<item><title>What is AI integrity? An engineering framework</title><link>https://iampavel.com/ai/ai-integrity-engineering-framework/</link><guid isPermaLink="true">https://iampavel.com/ai/ai-integrity-engineering-framework/</guid><description>AI integrity as an engineering discipline: verifiable behavior, governed data paths, resistance to manipulation, and a maturity model to build against.</description><pubDate>Tue, 07 Oct 2025 00:00:00 GMT</pubDate></item>
<item><title>Production Kubernetes Architecture: What Actually Changes</title><link>https://iampavel.com/infrastructure/production-kubernetes-architecture/</link><guid isPermaLink="true">https://iampavel.com/infrastructure/production-kubernetes-architecture/</guid><description>Production Kubernetes architecture decisions that separate lab clusters from real platforms: control plane topology, node pools, ingress, storage, upgrades.</description><pubDate>Tue, 07 Oct 2025 00:00:00 GMT</pubDate></item>
<item><title>Enterprise network design fundamentals that age well</title><link>https://iampavel.com/networking/enterprise-network-design-fundamentals/</link><guid isPermaLink="true">https://iampavel.com/networking/enterprise-network-design-fundamentals/</guid><description>Enterprise network design from the failure modes up: hierarchy, L2/L3 boundaries, HSRP/VRRP redundancy, and capacity planning that survives growth.</description><pubDate>Tue, 07 Oct 2025 00:00:00 GMT</pubDate></item>
<item><title>ICS security fundamentals: systems that move physics</title><link>https://iampavel.com/industrial-systems/ics-security-fundamentals/</link><guid isPermaLink="true">https://iampavel.com/industrial-systems/ics-security-fundamentals/</guid><description>What makes ICS security different from IT: availability-first priorities, decade-long asset lifecycles, physical consequences, and the control set that works.</description><pubDate>Wed, 01 Oct 2025 00:00:00 GMT</pubDate></item>
</channel></rss>