SecOps & Platform Engineer at Wizards of the Coast (D&D Beyond), 23+ years deep in systems, security, and software. I came up hardening Linux on bare metal and never lost the instinct. These days it's cloud security, the platform layer, the infrastructure-as-code everything ships on. Security isn't a checklist to me; it's how I read every system I touch.
Sean Stoves
Off the clock I'm a dad of three boys, a foster parent, a lifelong gamer. I run D&D at the table, but in every game I'm Solao Bajiuik. I keep a stack of game servers alive for friends, stream when the mood strikes. Most of what I build off-hours is for the games and communities I'm part of.
One of the reasons I've decided to start this site with a Blog post is that I want to work on my skills in that area. I will try to post at least weekly; however, I am not the best at writing, so I will follow the process of:
- Writing an Outline ( Gotta get my thoughts out first )
- Writing the Rough Draft ( and I mean... ROUGH... )
- Asking Grammarly for help cleaning it up
- Asking Claude to compare my writings with my code to ensure and hold me honest ( also to suggest things i might have missed )
- Updating Draft to contain the above notes
- Asking Grammarly once again to help clean it up ( I need all the help I can get )
- Posting.
Because of this process, I don't want to PROMISE posts will occur. However, I promise I will try.
Oddly enough, the above is similar to my method of AI-assisted development.
- Summarize and Plan features/goal
- Take the above plan and add notes regarding tech choices and options for the process
- Plan the order I want to implement
- Most Critical First e.g.) Auth
- Then Most Complex
- Then the easy low-hanging fruit
- AI then gets sent to review the Plan, I prefer JetBrains Junie with Claude's models for this
- Once we both agree on the plan, I begin implementation. Should I get stuck or have a large, tedious amount of code, I use Claude to get it done faster, or to teach me.
- Prompt:
Claude, for step 4.1 ( Milestone 4 step 1 ), can you provide me a best practice and secure method and the links and references that support it to handle this task.I then learn how to handle it myself, not just from Claude but also from reference sites. It basically replaced the StackOverflow delve.
- Prompt:
- Once the code is all finished, I ask Claude to read my code, see if I missed any vulnerabilities, and, since I HATE creating them, to make me unit tests(everything) and E2E tests ( if website or mobile )
I then ship and push in whatever CICD method I need. I very rarely deploy manually, and I REFUSE to become a Pull Reviewer for AI, especially when that code is ~90% mine.
Recent posts
All posts →- Pull, Don't Push: No Spare Key Under the Doormat (Part 3)2026-07-1300
The last piece of the migration: getting code onto a hardened box from CI without handing the pipeline a key worth stealing. Part three of three on why the deploy pulls instead of pushes, the four dumb layers that box a compromised pipeline into a broom closet, and the packet-filter grant I forgot that left my own deploy knocking on a door it wasn't allowed to open.
- Barring the Doors: Hardware Keys and Self-Inflicted Wounds (Part 2)2026-06-2700
Locking down the new Rocky Linux host with sysctl, fail2ban, and hardware MFA via YubiKeys. Part two of three on migrating from CentOS 7 and the afternoon I accidentally disabled my own shields mid-orbit.
- vps01 is dead. Long live Radar. (Part 1)2026-06-1900
A two-years-past-EOL CentOS 7 box was quietly running my password vault, container registry, and the LDAP directory every other machine trusted. Part one of three on putting it down and standing up its replacement: why you regenerate instead of resurrect, picking Rocky 10, containerizing the lot, and the night I locked myself out of two boxes at once.
- No DB, no libraries, no shell: Over-engineering my personal site for fun and security.2026-06-1311
Why and how, I nuked a standard Next.js setup to build a database-free personal site with zero extra runtime dependencies, using flat files, native Node 24 APIs, and a hardened runtime posture.