Security configuration management for software engineers

· 7 min read
Aleh Zasypkin
Creator of Secutils.dev

In my previous posts I've consistently pushed back on waste, whether it's time, money, or process overhead. Today I want to apply that same lens to security configuration management and argue that the engineering teams who build and run a product are the right people to own a big chunk of it. I'll use Content Security Policy (CSP) as the concrete example and show how Secutils.dev supports the full lifecycle: create, deploy, and monitor.

Does a one-man project need a formal project management process?

· 6 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Today, I'd like to share my perspective on formal project management for small to medium-sized projects, using Secutils.dev as an example. A new project is often driven by a spark of inspiration or a strong desire to solve a specific issue for yourself or a group of people. At this early stage, formality can be a distraction and drain motivation quickly. You have a clear vision of what needs to be done, and adding unnecessary formalities can hinder progress.

Initially, things may go smoothly without a formal project management process. You create functional prototypes, launch an MVP with a catchy domain name, and receive positive feedback from early users. However, over time, the excitement from these achievements can diminish, and internal motivation alone may not be enough to drive the project forward. This is a natural human tendency, and it's important to recognize it. If you're satisfied with your project in its current state, or if it was originally intended as a short-term fun project and you're ready to move on to something new, that's perfectly fine. You should absolutely embrace the joy of building and exploring new ideas.

However, if you want to advance a more complex project and still maintain sufficient motivation, I believe it's essential to adopt a different strategy. The strategy I'm going to discuss next involves incorporating a bit of formal project management to keep yourself on track, sustain progress, and avoid the disappointment of yet another unfinished project.

Running micro-SaaS for less than 1€ a month

· 8 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

In my previous posts I covered the technology stack, the deployment process, and the monitoring and analytics setup behind Secutils.dev. Today, let's talk about money: what it actually costs to run this SaaS in production. As developers, we know the value of being resourceful and frugal, especially when bootstrapping a side project. Here's how the bill stays close to zero for Secutils.dev.

Technology stack overview

· 10 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Today, I'd like to provide an updated tour of the technology stack powering Secutils.dev, the open-source security toolbox for engineers and researchers. If you're considering similar choices for your own indie or open-source project, hopefully something here is useful. Let's dive in!