Sorry, it has been so long. Let’s start with the good news first. The KQL book is nearly done. I say nearly because it’s not done done. It’s still going through the copy editor phases, and I’ll need to do a final review and edits. This is minor, though, compared to the core writing. We contacted numerous Microsoft folks to get some of their favorite and recommended KQL queries. The book is already up on Amazon for purchase.

The bad news is that this took much of the free time I had planned to write things here. I also finished an additional SANS cloud security class, SEC 510 Public Cloud Security: AWS, Azure, and GCP, and I’m nearly done with SEC 541 Cloud Security Attacker Techniques, Monitoring, and Threat Detection. I’ll write up some little reviews of those as well.

I have also taken on another SABR project around the 2005 White Sox, but that’s a story for another post. But with the turn of the calendar, I have several other posts I’m working on and hope to post more frequently; it really can’t get any more less frequent.