01
Threat Modeling and Detection in Operation: Analysis of the 2026 Stryker Intune Incident
In Q1 of 2026, perhaps the most shocking news in cybersecurity was the Stryker Intune “Wipe” attack. The incid...
Threat Modeling · Apr 11, 2026
Security Operations from inside the work.
Explore topicsPaige Y. H. writes about security operations as it actually functions where risk thinking, security strategy, and operational reality have to work together.
Security Operations · Detection & Response · Risk & Strategy
Latest insights
All insights02
From Strategy to Operations (Part II): Designing a Sustainable, Risk-Aligned IR Capability
Sustainable incident response is not achieved through tooling or playbooks alone. It emerges when incident res...
Incident Response · Mar 1, 2026
03
From Strategy to Operations (Part I): When Incident Response Operates Without Risk Context
Incident Response (IR) is a core capability of the modern enterprise, with its maturity increasingly scrutiniz...
Incident Response · Feb 28, 2026
About Paige
Practical security thinking where operations, risk, and strategy actually meet.
I'm a security operations engineer writing about how security actually gets built and run in enterprise environments. My focus is on detection engineering, SOAR automation, and scalable SecOps but also on the harder organisational work: security architecture reviews, building mature detection and response processes, and what it takes to close the gap between risk strategy and operational execution. The name says it: bridged. Most security problems live at the seams between disciplines, and that's where I write from.
Profile
My work spans security programs across industries and countries, with a consistent focus on turning cybersecurity goals into sustainable operations for real teams.
This blog is for security professionals who live between the technical and the strategic where building the capability and justifying it to the business are the same problem.
- SOAR & Automation
- Detection & Response Engineering
- Security Architecture
- SecOps Maturity
- Risk & Strategy
Operating lens
Practice before theory.
Security decisions are only as good as the operational reality behind them, so that's where I start.
The bridge is the work.
Most security problems fail at the seam between technical execution and strategic context. That's where the analysis lives.
Controls need context.
Every technical control, whether a detection rule, a response playbook, or an automated workflow, needs a home in the risk landscape. If it doesn't inform how the organisation understands and responds to threat, it isn't finished.
Read next
Archive explorer
Drift through Paige's field notes like a living board.
Search by keyword, narrow by topic, and browse at your own pace.
/
3 visible of 3
01
2026.4.11
Threat Modeling · 5 min read
Threat Modeling and Detection in Operation: Analysis of the 2026 Stryker Intune Incident
In Q1 of 2026, perhaps the most shocking news in cybersecurity was the Stryker Intune “Wipe” attack. The incident resulted in the factory reset of an estimated 200,000 devices glob...
Open note02
2026.3.1
Incident Response · 5 min read
From Strategy to Operations (Part II): Designing a Sustainable, Risk-Aligned IR Capability
Sustainable incident response is not achieved through tooling or playbooks alone. It emerges when incident response operates as a living component of enterprise risk management—whe...
Open note03
2026.2.28
Incident Response · 5 min read
From Strategy to Operations (Part I): When Incident Response Operates Without Risk Context
Incident Response (IR) is a core capability of the modern enterprise, with its maturity increasingly scrutinized by regulatory and industry frameworks. Yet, a persistent gap remain...
Open note