Skip to content

Welcome to the Skellman.io Technical Blog

Published: 03/19/2026

Technology has always moved fast. Security has always struggled to keep pace with it. But something has shifted in the last few years that changes the nature of that challenge in a fundamental way.

Artificial intelligence is not just another technology trend to track. It is actively compressing the timeline of everything else. Tools that used to take years to mature are shipping in months. Attack surfaces that would have taken a threat actor significant time and skill to discover and exploit are being mapped and automated faster than most organizations can respond to them. The gap between what practitioners need to understand and what is clearly documented is widening, and it is widening faster than it ever has before.

That acceleration is the context for this blog. The Skellman.io technical blog exists to publish in-depth content on cloud security, security architecture, custom tooling, automation and the broader technology landscape, keeping pace with an environment that is moving faster than ever and making sure the knowledge that matters is clearly explained and practically applicable.

What Skellman.io Is

Skellman.io is an information security and technology organization. The work spans cloud security, security architecture, custom tooling, automation and technical education. Those are not marketing categories. They are the actual areas where the work happens.

Cloud Security: Cloud platforms are where most modern infrastructure lives, and they come with a default posture that is convenient for development and dangerous for production. Misconfigured IAM policies, overly permissive network rules, unencrypted storage, publicly accessible resources that should not be: these are not exotic attack vectors. They are common, preventable and frequently missed. The work here takes cloud security seriously at the architecture level, not just at the compliance checklist level.

Security Architecture: Good security decisions made early in a system's design are worth more than good security decisions made late. This work involves thinking carefully about how systems are structured, how trust is granted and revoked, how components communicate and how failure modes are contained. The goal is infrastructure that is defensible by construction, not by inspection.

Custom Tooling and Automation: Manual security processes do not hold up at scale. When the process of reviewing infrastructure, analyzing logs, or detecting misconfigurations depends on a human doing the same thing repeatedly, it will eventually fail. The tools built and published here automate the parts of security work that should be automated, consistently, transparently and with clear documentation of what they do and do not cover.

Technical Writing and Education: The best tool is limited if its reasoning is not explained. The best architecture pattern is hard to replicate if it is not documented clearly. Writing here is an act of engineering: precise, purposeful and built for an audience that wants to understand things correctly.

Research and Experimentation: Not everything here will be polished and production-ready. Some posts will document work in progress, hypotheses under investigation, or findings from paths that did not work out as expected. That kind of honesty is part of how the field moves forward.

What to Expect Here

The posts on this blog will not be introductory overviews of well-documented topics. There are already too many of those. What will appear here instead:

Tool breakdowns: When a new tool is built or updated, the reasoning behind its design gets documented. Not just how to use it, but why it was built the way it was, what tradeoffs were made and what it does not handle. The architecture behind a static analysis tool is as worth understanding as the tool itself.

Cloud security analysis: Deep dives into specific misconfigurations, IAM policy structures, network architecture decisions and cloud provider behaviors that matter in practice. Not theoretical vulnerability descriptions, but actual analysis of how things go wrong and how they can be prevented.

Architectural reasoning: Posts that walk through how a security architecture decision was made: what options were considered, what was ruled out and why, what the final design looks like and what its failure modes are. The reasoning is the content.

Security engineering patterns: Reusable patterns for building more defensible systems. How to structure secrets management in a multi-cloud environment. How to design least-privilege IAM policies that do not break when requirements change. How to build security controls into CI/CD pipelines without making them a bottleneck.

Honest post-mortems and lessons learned: When something fails, or when an approach turns out to be wrong, that gets documented too. Engineering judgment improves through honest accounting of what did not work.

Why This Work Matters

Security knowledge is unevenly distributed in a way that compounds over time. Organizations with dedicated security teams and large budgets have access to deep expertise. Everyone else, smaller teams, individual engineers, practitioners in fields where security is adjacent rather than central, often does not.

The content that fills this gap is frequently inadequate. Vendor documentation tells you how to use a feature, not whether you should or what the security implications are. Tutorial content teaches you how to get something working, not how to get it working safely. Certification study materials teach you what is on the exam, not how to apply the concepts in a production environment under constraints.

The result is that a large portion of the technical community is making security decisions based on incomplete information, not because they lack the ability to understand better information, but because that information has not been made clearly available to them.

That is the gap this work is trying to close.

Understanding why a firewall rule is dangerous is more durable than knowing which rules to copy from a template. Understanding how IAM evaluation logic works is more valuable than memorizing a set of policies. Understanding what a static analysis tool is actually checking, and what it is not, makes it more useful than treating it as a black box.

The goal is always the underlying understanding, not just the answer.

The Commitment

Every post here will be thought through carefully. If a tool is documented, the documentation will be complete enough to be useful without having to read the source code. If an architecture pattern is described, the tradeoffs and failure modes will be part of the description. If something did not work, that will be stated plainly.

Clarity over jargon. Technical precision and clear writing are not in conflict. Every piece of security jargon that can be replaced with plain language without losing accuracy will be.

Tools that solve real problems. The tools published here address actual gaps in security practice, built because something was needed, not because it was interesting to build.

Respect for the reader's time. Every sentence here should earn its place. If a section does not add information or understanding, it will not be there.

Staying current. The technology and security landscape is evolving faster than at any prior point in history. AI is accelerating that pace across every layer of the stack, from how software is written to how infrastructure is managed to how attacks are executed. Keeping pace with that is not optional. The content here will reflect what is actually relevant now, not what was relevant when a curriculum was last updated.

This is the first post. More will follow: on tools, on architecture, on cloud security, on AI's role in the evolving threat landscape and on whatever problems are being worked on at the time.