Hello, World — and What This Blog Is For
This is the first post on blog.johlem.net. I'm writing it partly to set up the page rendering and partly to set expectations for what shows up here.
Who this is for
If you run detections for a living, or you've crossed from offensive work into blue-team operations, or you have the misfortune of explaining firewalls to auditors under DORA, NIS2, or CSSF circular 22/806 — you are the reader I'm writing for.
Everything else is secondary. I'm not optimising for traffic; I'm optimising for the three people who will email me about a specific detection and end up with a better rule than they started with.
What to expect
- Lab notes from a MINISFORUM MS-A2 Proxmox rig built for OSCP prep.
- Detection engineering write-ups: Sigma, KQL, Splunk SPL — whatever fits.
- Offensive-to-defensive translation: here is the attacker primitive, here is what it looks like in your SIEM, here is the rule.
- The occasional compliance-meets-technical piece. Less dry than it sounds.
Things you will not find here:
- Vendor pitches.
- Thought-leadership listicles.
- “10 things every CISO must know about AI”.
Why pure HTML
Build tools are a tax you pay every six months in dependency upgrades.
This blog is plain HTML, a single CSS file, and nothing else. No framework, no JavaScript, no database, no server-side code. I write in HTML, push the files, the browser renders them. I can read the source in a minute and it will still be obvious six years from now.
There is no step 5. There is no step 2, either — the browser does step 1 and the request is over.
The security surface is close to zero. There's no input to sanitize, no template engine to escape around, no database to SQL-inject. The worst case is a broken link.
Elsewhere in the ecosystem
- johlem.net is where consulting engagements live.
- cli.johlem.net is where small tools get published.
- cyberramen.com hosts the free tools.
- johlem.com is photography and music — a deliberate off-switch from the day job.
If any of this is interesting, the RSS feed is the lowest-friction way to follow along. Otherwise, the archive has everything in one list.