I prefer a default-deny stance and then open only what the host actually serves. nftables is flexible enough to express that clearly without giant unreadable rule sets. A short explicit policy ages better than a sprawling inherited firewall script nob

DAST is useful when it is fast enough to run regularly and scoped enough to avoid chaos. I use baseline scans on pull request environments to catch missing headers, obvious injection risk, and regressions in exposed attack surface. It is not a substit

A lot of machine learning reduces to linear algebra with better tooling. Dot products, norms, matrix multiplication, and projections show up in recommendation, embeddings, PCA, and optimization. I keep the implementation small and testable so it stays