Luis Siccha

Blog

Long-form writing. Ideas that have had time to settle.

What this blog is

This blog is for writing that has matured past the note-taking stage. Posts here are ideas I have lived with for a while — long enough to organize them, question them, and say something clear about them.

I write when I have something worth sharing, not on a schedule. Most posts will come from work I do in security, infrastructure, or software engineering — but some will be about books, learning, or how I think about problems. The common thread is that each post tries to be useful and honest.

Blog vs Digital Garden
Blog
  • Finished essays: Edited, structured, and meant to stand on their own.
  • Slower cadence: Published when there is something worth saying.
  • Clear writing: Optimized for clarity, not volume.
Digital Garden
  • Evolving notes: Updated over time as thinking develops.
  • Incomplete by design: Seeds, sprouts, and works in progress.
  • Exploratory writing: Thinking in public, not presenting conclusions.

The blog and the digital garden serve different purposes. Notes are where I think out loud. The blog is where I write things down properly. Some garden notes may eventually become blog posts — but most won't, and that's fine.

Topics I write about
  • Software Security & Identity: Authentication, authorization, and the messy reality of securing systems.
  • Cloud & Distributed Systems: Azure, Kubernetes, infrastructure patterns, and operational lessons.
  • Engineering Lessons: Things I learned building and maintaining software in production.
  • Books & Ideas: Long-form reflections on reading, thinking, and making sense of things.
  • Personal Systems & Learning: Tools, habits, and workflows that help me work and think better.

Publishing approach

There is no fixed schedule. I write when a topic has enough weight to justify the time — mine and the reader's. I would rather publish one clear post a quarter than four rushed ones a month. Writing here is intentional, not reactive.

OIDC in practice: what the spec doesn't tell you
Migrating identity providers without downtime
What I got wrong about infrastructure as code

Posts will appear here over time.