Notes on data, AI, IT
and security
No marketing fog. The way I think about real problems with founders and managers.
2024 in security: what changed and what stayed the same
A brief look at what 2024 added to the information security landscape - for those who make decisions, not just execute them.
Sora as a step toward world models: controllable video generation changes the conversation
What Sora means beyond impressive demos: why it is a step toward world models and which practical questions it opens.
Controlling LLM costs in production: token budgets and request design
Practical ways to reduce the API bill for LLM-powered features without degrading quality - focused on what actually moves the needle in real deployments.
How to evaluate an AI vendor when buying: a working filter
A set of questions and criteria for a manager choosing an AI solution or contractor - without relying on demos and marketing materials.
Event-driven architecture: what decoupling services actually buys you
A plain explanation of event-driven patterns for owners and managers - what problems they solve, what new problems they introduce, and when the tradeoff makes sense.
Lakehouse: a storage architecture without choosing the lesser evil
What the lakehouse approach is and when it solves the real problem of choosing between a data warehouse and a data lake.
Zero trust architecture: what it means in practice for a growing company
A clear explanation of zero trust as an operational security model - what changes, what stays the same, and how to approach adoption without a rewrite of everything.
Multimodal models: what is actually useful for business right now
A practical look at AI models that work with text and images together - without the marketing fog.
Observability for product teams: what logs, metrics, and traces actually give you
A plain walkthrough of the three observability pillars and why the combination matters - written for technical owners who want to understand what they are paying for.
NIS2: the directive starts living in practice, not just in PDFs
What NIS2 enforcement means for companies operating in the European market: who is covered, what is required, and where to start.
OpenAI DevDay 2024: what the announcements mean for product teams
A short reading of the October DevDay announcements - real-time API, prompt caching, fine-tuned evals - focused on what changes for teams building on top of OpenAI.
Vector databases: what they actually store and when you need one
A plain explanation of what vector embeddings are, what vector databases do differently from relational or document stores, and when the technology is worth adding to your stack.