Blog
Vendor evaluations that ran against our own stack. Rollout stories from the middle of real projects. The decisions nobody writes down, and what happens when they need to be remembered.
Three vendors, three polished demos, three curated sample environments. By the end of the week I had no real idea which one would survive a Tuesday incident. So I ran the evaluation inside my own stack instead.
I run both. That sentence makes some people twitch. Here is why, what it took to make them actually coexist at the DNS, identity, and routing layers, and what the evaluation surfaced before anything shipped.
Every vendor demo runs on a rigged environment. We do not mean dishonest. We mean set up in advance to make the product look its best. The problem is not the demo. The problem is when you mistake it for an evaluation.
Six months after a rollout, somebody asked me why the finance pool MFA lifetime is 30 days. I knew I had picked it. I was on the call. I approved the setting. But the reason was gone.
Three weeks ago I rolled Wazuh out to 140 Macs. Last week someone said we need it on the five Windows servers in EMEA finance. Here is what transferred, what did not, and why starting from zero was not the right move.
Every Friday afternoon at a lot of companies, a PM sits down and builds three decks. One for the CTO, one for engineering, one for the CISO. All three describe the same rollout. By Monday all three are stale.
Every long rollout pivots at some point. Scope change is not a failure mode. It is the normal condition of a real rollout. The tooling should be designed for that.
Every other implementation tool stops at go-live. The channel gets archived, the consultants leave, the knowledge walks out the door. Three months later nobody remembers why anything was set the way it was.