  1. PiHole with DNS over HTTPS (DoH)

    A few people I know have set up the PiHole ad blocker and really rave about it, so I thought it was worth a look. The basic setup I used was as per the instructions on their website, appended with Dingo DNS over HTTPS (DoH) and with a Let’s Encrypt web admin HTTPS cert installed. This page is effectively my build guide, documented so that it may help anyone else looking to do the same, but also in case I ever need to rebuild it! …


  2. Cloudflare wildcard certificate issuance and CAA weirdness

    As some of my other posts discuss, there are a number of security features that I trial using this site. One of those is SSL/TLS certificate based, where I set a CAA record in my DNS. A CAA record tells all Certificate Authorities (CAs) who is allowed to issue a certificate for a domain, which is quite a powerful feature for mitigating issues where CAs go rogue or get hacked. …


  3. site architecture and construction

    This site is now in v3. v1 was EC2 hosted in AWS and served via nginx because that was the only way that I could serve Content Security Policy (CSP) headers. Using a CDN, CloudFront or Cloudflare, meant that my headers would be stripped, which was not cool. …


  4. Lambda@Edge

    CSP for AWS CloudFront Lambda@Edge …


  5. Data engineering: building security capability for modern business

    Here’s a blog that I had published whilst working for HMRC: …