<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/rss/atom-styles.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Lionel Mosley | ahr-ki-tekt</title>
  <subtitle>Carefully selected frameworks, insights, and solutions from Lionel Mosley — IT Consultant &amp; Innovative Thought Leader based in Houston, TX.</subtitle>
  <link href="https://trust-lionel.com//atom.xml" rel="self" type="application/atom+xml"/>
  <link href="https://trust-lionel.com/" rel="alternate" type="text/html"/>
  <updated>2026-06-22T23:33:18.961Z</updated>
  <language>en</language>
  <id>https://trust-lionel.com//</id>
  <author>
    <name>Lionel Mosley</name>
    <uri>https://trust-lionel.com/</uri>
  </author>
  <generator uri="https://github.com/Dnzzk2/Litos" version="5.0">Astro Litos Theme</generator>
  <rights>Copyright © 2026 Lionel Mosley</rights>
  
  <entry>
    <title>Why We Moved a Regional Broadcasting Company Off Amazon EC2 — and Why Microsoft Azure Won</title>
    <link href="https://trust-lionel.com//posts/cloud-migration" rel="alternate" type="text/html"/>
    <id>https://trust-lionel.com//posts/cloud-migration</id>
    <updated>2026-06-16T00:00:00.000Z</updated>
    <published>2026-06-16T00:00:00.000Z</published>
    <author>
      <name>Lionel Mosley</name>
    </author>
    <summary type="text">A cloud migration case study for CIOs, IT Directors, and business owners considering a move from AWS to Azure. Learn why Microsoft&#039;s integrated ecosystem beat staying on Amazon EC2.</summary>
    <content type="html"><![CDATA[
<p><em>When your infrastructure lives in one cloud and your business runs in another, you are not operating an ecosystem. You are managing a gap.</em></p>
<p>A regional broadcasting company came to us with a problem that looked like a technical one. Fifteen internet radio stations. A Linux-based streaming infrastructure running on Amazon EC2. Media libraries in the gigabytes. Listeners across multiple markets. And a team that managed daily operations inside Microsoft 365 — Exchange Online for email, SharePoint Online for files, Microsoft Teams for communication.</p>
<p>The infrastructure worked. The streams played. But the environment was fractured. Compute on AWS. Identity and productivity on Microsoft. Backup handled manually. Disaster recovery undefined. Every operational decision that touched both sides required a context switch — different portals, different vendors, different support paths, different billing relationships.</p>
<p>That is not a technical problem. That is a business risk.</p>
<p>This is the story of how we resolved it — and why the decision was about more than where the servers live.</p>
<hr />
<h2>The Case for Migration: What the Business Was Actually Paying For</h2>
<p>Before we touched a single configuration file, we asked the question every CIO and owner should ask before any infrastructure decision: <em>what problem are we actually solving?</em></p>
<p>The answer had four parts.</p>
<p><strong>Operational fragmentation.</strong> The team managing the stations had no unified view of their environment. Streaming infrastructure on Amazon EC2. Business data on Microsoft 365. Two vendor relationships. Two support queues. Two billing cycles. No single pane of glass.</p>
<p><strong>Business continuity exposure.</strong> There was no formal backup policy for the compute layer. If a virtual machine failed, recovery depended on manual processes and institutional memory — neither of which is a continuity strategy.</p>
<p><strong>Ecosystem misalignment.</strong> Microsoft 365 was already the operational backbone of the business. Exchange Online handled all organizational email. SharePoint Online housed internal documents. The compute infrastructure — the part that generated revenue — was on a different platform entirely.</p>
<p><strong>Cost visibility.</strong> Amazon EC2 pricing for Linux compute instances is well-documented, but it does not include the operational overhead of managing a fragmented environment. When you account for the time spent context-switching between platforms, the real cost of staying on AWS was higher than the invoice suggested.</p>
<hr />
<h2>Why Microsoft Azure — Not a Rebuild on AWS</h2>
<p>This question deserves a direct answer, because it is the question every CIO, IT Director, and Finance leader should be asking before approving any migration.</p>
<p>We did not move to Azure because AWS is inferior. Amazon EC2 is a mature, capable compute service. We moved to Azure because the organization had already made its strategic cloud decision — and it was Microsoft.</p>
<p>When your identity platform is Azure Active Directory, your email is Exchange Online, your documents are in SharePoint Online, and your collaboration runs in Microsoft Teams, your compute infrastructure belongs in Azure. Not because of sentiment. Because of integration.</p>
<table><thead><tr><th>Capability</th><th>AWS Approach</th><th>Microsoft Azure Approach</th></tr></thead><tbody><tr><td>Identity</td><td>Separate IAM configuration</td><td>Native Azure AD integration</td></tr><tr><td>Monitoring</td><td>CloudWatch — separate portal</td><td>Azure Monitor — unified portal</td></tr><tr><td>Backup</td><td>Manual or third-party</td><td>Azure Backup — built into portal</td></tr><tr><td>Support</td><td>AWS Support plan</td><td>Single Microsoft support relationship</td></tr><tr><td>Billing</td><td>Separate AWS invoice</td><td>Unified Microsoft billing</td></tr><tr><td>Compliance</td><td>Separate compliance posture</td><td>Unified compliance across M365 + Azure</td></tr></tbody></table>
<p>For an organization already operating inside Microsoft 365, Azure is not a migration destination. It is the completion of a decision already made.</p>
<hr />
<h2>What We Built: The Architecture</h2>
<p>The streaming infrastructure for fifteen radio stations now runs on two dedicated Microsoft Azure Virtual Machines — both running Debian Linux, both Trusted Launch enabled, both inside the Microsoft Azure ecosystem.</p>
<p>The choice of Linux was deliberate. The streaming software stack — CentovaCast, SHOUTcast, and the AutoDJ layer — runs on Linux. Moving to Azure did not mean moving to Windows. Azure Virtual Machines support Linux natively, and the operational behavior of the stack is identical to what ran on Amazon EC2. The migration was a lift of workloads, not a rewrite of them.</p>
<p>What changed was everything around the workload.</p>
<p><strong>Backup and Recovery.</strong> Both virtual machines are now protected by Azure Backup with Enhanced Policy — automated backups every four hours, thirty-day retention, instant restore capability, and application-consistent snapshots. The organization went from no formal backup policy to enterprise-grade protection in the same portal they use for everything else.</p>
<p><strong>Business Continuity.</strong> Recovery Services Vaults are now configured for both virtual machines. A failure scenario that previously would have required manual intervention and undocumented institutional knowledge now has a defined recovery path with measurable recovery time objectives.</p>
<p><strong>Networking.</strong> Network Security Groups replace ad-hoc firewall rules. Inbound access is explicitly defined — only the ports the streaming infrastructure requires are open. SSH is locked down. The attack surface is documented and controlled.</p>
<p><strong>Monitoring.</strong> UptimeRobot monitors every station, every control panel, and every website — with a public status page available to the operations team and stakeholders at a single URL. Azure Monitor provides the infrastructure layer underneath.</p>
<hr />
<h2>The Microsoft Ecosystem Argument: What CIOs and Owners Need to Hear</h2>
<p>There is a conversation that happens in every organization considering a cloud migration, and it usually sounds like this: <em>we already have Microsoft 365, so why are we paying for infrastructure somewhere else?</em></p>
<p>It is the right question. And the answer is almost always: <em>you should not be.</em></p>
<p>Microsoft’s integrated cloud strategy is not marketing language. It is a technical and operational reality. When compute lives in Azure and productivity lives in Microsoft 365, the organization gains unified identity, unified compliance, unified support, and the cost predictability of Reserved Instances.</p>
<p>This is what an ecosystem looks like. Not a collection of services from different vendors stitched together with manual processes. An integrated environment where identity, compute, storage, backup, compliance, and productivity share a common platform, a common management plane, and a common support relationship.</p>
<hr />
<h2>The Decision Framework</h2>
<p>If your organization is running workloads on Amazon EC2 and operating inside Microsoft 365, here are the four questions worth answering before your next budget cycle:</p>
<ol>
<li><strong>Where does your identity live?</strong> If the answer is Azure Active Directory, your compute should be in Azure.</li>
<li><strong>What is your recovery posture?</strong> If the answer involves manual processes or undocumented procedures, Azure Backup and Recovery Services Vaults are a direct solution.</li>
<li><strong>How many vendor relationships does your infrastructure require?</strong> Every additional relationship is overhead — operational, financial, and compliance overhead.</li>
<li><strong>What would a failure cost?</strong> Not the compute cost. The business cost. Downtime. Revenue loss. Reputation. That is the number that belongs in the migration business case.</li>
</ol>
<p>The organization in this case study is now operating fifteen live radio stations on Microsoft Azure Virtual Machines, protected by automated backup, monitored in real time, and fully integrated with the Microsoft 365 environment their team uses every day.</p>
<p>The streams are live. The infrastructure is documented. The recovery posture is defined.</p>
<p>That is what completing the decision looks like.</p>
<hr />
<p><em>“I’ve spent my career asking ‘what if’ when everyone else was asking ‘how much.’”</em></p>
<p><em>The ‘what if’ here is: what if your infrastructure and your business platform finally lived in the same ecosystem? The answer is not a technical one. It is an operational one.</em></p>
<hr />
<h2>References</h2>
<ul>
<li><a href="https://azure.microsoft.com/en-us/products/virtual-machines/" rel="noopener noreferrer" target="_blank">Microsoft Azure Virtual Machines — Linux</a></li>
<li><a href="https://azure.microsoft.com/en-us/products/backup/" rel="noopener noreferrer" target="_blank">Azure Backup — Recovery Services Vaults</a></li>
<li><a href="https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/" rel="noopener noreferrer" target="_blank">Azure Reserved Virtual Machine Instances</a></li>
<li><a href="https://www.microsoft.com/en-us/microsoft-365/exchange/email" rel="noopener noreferrer" target="_blank">Microsoft 365 — Exchange Online</a></li>
<li><a href="https://www.microsoft.com/en-us/microsoft-365/sharepoint/collaboration" rel="noopener noreferrer" target="_blank">Microsoft 365 — SharePoint Online</a></li>
<li><a href="https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview" rel="noopener noreferrer" target="_blank">Azure Network Security Groups</a></li>
<li><a href="https://www.microsoft.com/en-us/security/business/microsoft-purview" rel="noopener noreferrer" target="_blank">Microsoft Purview Compliance</a></li>
<li><a href="https://learn.microsoft.com/en-us/azure/architecture/aws-professional/services" rel="noopener noreferrer" target="_blank">AWS to Azure service comparison</a></li>
</ul>]]></content>
    <category term="Cloud Migration" />
    <category term="Microsoft Azure" />
    <category term="Amazon AWS" />
    <category term="Microsoft 365" />
    <category term="Business Continuity" />
  </entry>
  <entry>
    <title>When Microsoft&#039;s Own Email Becomes the Weapon</title>
    <link href="https://trust-lionel.com//posts/microsoft-notification-abuse" rel="alternate" type="text/html"/>
    <id>https://trust-lionel.com//posts/microsoft-notification-abuse</id>
    <updated>2026-05-22T00:00:00.000Z</updated>
    <published>2026-05-22T00:00:00.000Z</published>
    <author>
      <name>Lionel Mosley</name>
    </author>
    <summary type="text">A Microsoft CSP&#039;s analysis of notification abuse through CISA SCuBA, MITRE ATT&amp;CK, NIST SP 800-53, and CIS Benchmarks — and what organizations must do now.</summary>
    <content type="html"><![CDATA[
<blockquote><p><em>The most dangerous email your organization will receive this year may not come from a stranger. It may come from Microsoft — and it may be a trap.</em></p></blockquote>
<h2>What Happened</h2>
<p>On May 19, 2026, The Spamhaus Project published an alert that had been building for months. Scammers had found a way to send spam — convincing, structured, fraudulent spam — from <code>msonlineservicesteam@microsoftonline.com</code>. That is not a lookalike domain. That is not a spoofed address. That is the legitimate Microsoft email address used to deliver two-factor authentication codes, account alerts, and critical security notifications to millions of Microsoft 365 users worldwide.</p>
<p>The same day, TechCrunch Security Editor Zack Whittaker confirmed he had received multiple similarly structured emails across different accounts, all originating from that same legitimate Microsoft address. Subject lines mimicking PayPal fraud alerts. Links to scam sites. Bitcoin transaction confirmations. All arriving from an address your mail filters are configured to trust.</p>
<p>Microsoft acknowledged the inquiry. As of publication, the company has not confirmed whether the abuse has been stopped.</p>
<p>As a Microsoft Cloud Solution Provider and IT Consultant whose clients operate Microsoft 365 environments every day, I want to explain exactly what happened, why your standard defenses did not catch it, what the security frameworks say about this class of attack, and what you need to do right now.</p>
<hr />
<h2>How the Attack Works</h2>
<p>This is not a credential compromise. No one hacked Microsoft. No password was stolen. The attack exploits a design flaw in Microsoft’s automated notification system — specifically, the degree of customization Microsoft allows when a new account is created.</p>
<p>The attack chain is straightforward:</p>
<table><thead><tr><th>Step</th><th>What Happens</th></tr></thead><tbody><tr><td>1</td><td>Attacker registers a new Microsoft account — no special access required</td></tr><tr><td>2</td><td>Attacker sets the account name, display name, or organization name to malicious text</td></tr><tr><td>3</td><td>Microsoft’s automated notification system sends a legitimate email using that text</td></tr><tr><td>4</td><td>The email originates from <code>msonlineservicesteam@microsoftonline.com</code></td></tr><tr><td>5</td><td>SPF, DKIM, and DMARC checks all pass — the email is technically authentic</td></tr><tr><td>6</td><td>The recipient receives what appears to be a legitimate Microsoft alert</td></tr></tbody></table>
<p>The malicious content never touches Microsoft’s email body templates. It rides inside a field Microsoft trusts — and that trust is inherited by every mail security tool in your stack.</p>
<hr />
<h2>Why Your Standard Defenses Did Not Catch It</h2>
<p><strong>SPF passes.</strong> The email originates from Microsoft’s mail servers. SPF is designed to verify the sending server — and this server is legitimate.</p>
<p><strong>DKIM passes.</strong> The email is cryptographically signed by Microsoft. The signature is valid.</p>
<p><strong>DMARC passes.</strong> Both SPF and DKIM align with the <code>microsoftonline.com</code> domain. DMARC has nothing to flag.</p>
<p><strong>Reputation filters pass.</strong> <code>msonlineservicesteam@microsoftonline.com</code> has one of the highest sender reputations in enterprise email. It delivers MFA codes. Blocking it would break authentication workflows for millions of organizations.</p>
<p>The attack does not try to impersonate Microsoft. It uses Microsoft. That distinction is the entire reason it works.</p>
<hr />
<h2>The Framework Analysis</h2>
<h3>MITRE ATT&amp;CK Mapping</h3>
<table><thead><tr><th>Technique</th><th>ID</th><th>How It Applies</th></tr></thead><tbody><tr><td>Phishing</td><td>T1566</td><td>Primary delivery mechanism — fraudulent content via email</td></tr><tr><td>Compromise Accounts: Email Accounts</td><td>T1586.002</td><td>Abuse of legitimate account infrastructure</td></tr><tr><td>Application Layer Protocol: Mail Protocols</td><td>T1071.003</td><td>SMTP as the attack delivery channel</td></tr><tr><td>Masquerading</td><td>T1036</td><td>Content masquerades as legitimate Microsoft notification</td></tr></tbody></table>
<h3>CISA SCuBA — Secure Cloud Business Applications</h3>
<p>Two SCuBA baselines are directly relevant to this attack:</p>
<p><strong>Exchange Online Baseline (EXO)</strong></p>
<table><thead><tr><th>Control</th><th>Requirement</th><th>Relevance</th></tr></thead><tbody><tr><td>MS.EXO.1.1</td><td>External sender warning banners enabled</td><td>Flags <code>microsoftonline.com</code> as external to your tenant</td></tr><tr><td>MS.EXO.8.1</td><td>Inbound anti-spam filtering enabled</td><td>Mail flow rules that flag known-abused sender patterns</td></tr></tbody></table>
<p><strong>Microsoft Defender for Office 365 Baseline (DEFENDER)</strong></p>
<table><thead><tr><th>Control</th><th>Requirement</th><th>Relevance</th></tr></thead><tbody><tr><td>MS.DEFENDER.1.1</td><td>Preset security profiles enabled</td><td>Standard and Strict presets add behavioral analysis</td></tr><tr><td>MS.DEFENDER.2.1</td><td>Safe Links enabled for all users</td><td>URL scanning on links in message body</td></tr><tr><td>MS.DEFENDER.4.1</td><td>Anti-phishing policies configured</td><td>Impersonation protection and mailbox intelligence</td></tr></tbody></table>
<p>Run ScubaGear against your tenant today:</p>
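<pre><code>Install-Module -Name ScubaGear   # install ScubaGear from the PowerShell Gallery
Initialize-SCuBA                 # one-time setup: installs ScubaGear's dependencies
Invoke-SCuBA -ProductNames exo, defender, aad   # assess the Exchange Online, Defender, and Azure AD baselines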
</code></pre>
<h3>NIST SP 800-53 Control Mapping</h3>
<table><thead><tr><th>Control Family</th><th>Control</th><th>Application</th></tr></thead><tbody><tr><td>Access Control</td><td>AC-2</td><td>Account management — unrestricted account creation enabled this attack</td></tr><tr><td>System and Information Integrity</td><td>SI-8</td><td>Spam and malicious content protection</td></tr><tr><td>Awareness and Training</td><td>AT-2</td><td>User awareness training specific to this attack pattern</td></tr></tbody></table>
<hr />
<h2>What You Should Do Right Now</h2>
<h3>Immediate — This Week</h3>
<p><strong>Step 1 — Deploy a targeted mail flow rule in Exchange Online.</strong></p>
<pre><code>New-TransportRule -Name "Flag Microsoft Notification Spam" `
  -From "msonlineservicesteam@microsoftonline.com" `
  -SubjectOrBodyMatchesPatterns "BTC","Bitcoin","not you\?","Call \+1","PayPal order" `
  -SetSCL 9 `
  -SetHeaderName "X-Suspicious-Notification" `
  -SetHeaderValue "True" `
  -Comments "Flags abused Microsoft notification emails per Spamhaus advisory May 2026"
</code></pre>
<p><strong>Step 2 — Brief your users today.</strong></p>
<blockquote><p><em>If you receive an email from Microsoft about a PayPal transaction, Bitcoin purchase, or any unexpected account activity — do not call the phone number in the email and do not click any links. Navigate directly to microsoft.com or the relevant service to verify. Report suspicious emails to IT immediately.</em></p></blockquote>
<p><strong>Step 3 — Verify your Defender for Office 365 preset security profiles are active.</strong></p>
<p><strong>Step 4 — Run ScubaGear against your tenant</strong> and review every control marked as failing in the EXO or DEFENDER baselines.</p>
<h3>Short-Term — This Month</h3>
<p><strong>Step 5</strong> — Review your anti-phishing policy configuration. Ensure mailbox intelligence, impersonation protection, and spoof intelligence are all enabled.</p>
<p><strong>Step 6</strong> — Add this attack pattern to your security awareness training.</p>
<p><strong>Step 7</strong> — Review your incident response runbook. Verify that your IR process includes a clear path for users to report suspicious emails.</p>
<hr />
<h2>The CSP Perspective</h2>
<p>As a Microsoft Cloud Solution Provider, I manage M365 tenants for organizations that depend on Microsoft’s infrastructure for every email, every document, every meeting, and every authentication event in their business.</p>
<p>This incident reinforces something I have been saying for years: <strong>the security of your Microsoft 365 environment is not Microsoft’s responsibility alone.</strong> The shared responsibility model is real. Microsoft secures the platform. You are responsible for how that platform is configured, how your users are trained, and how your organization responds when the platform is abused — even when the abuse is not your fault.</p>
<p>The organizations that have not invested in that posture are relying on the assumption that trusted senders are safe senders. This incident is a direct refutation of that assumption.</p>
<hr />
<p><em>“I’ve spent my career asking ‘what if’ when everyone else was asking ‘how much.’”</em></p>
<p><em>The ‘what if’ here is: what if the email your employee just acted on came from Microsoft, passed every authentication check, and was still a scam? The time to answer that question is before it happens — not after.</em></p>
<hr />
<h2>References</h2>
<ul>
<li><a href="https://infosec.exchange/@spamhaus/116601270466207765" rel="noopener noreferrer" target="_blank">The Spamhaus Project — Spamhaus Advisory, May 19, 2026</a></li>
<li><a href="https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/" rel="noopener noreferrer" target="_blank">TechCrunch — Scammers are abusing an internal Microsoft account to send spam links, May 21, 2026</a></li>
<li><a href="https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project" rel="noopener noreferrer" target="_blank">CISA — Secure Cloud Business Applications (SCuBA) Project</a></li>
<li><a href="https://github.com/cisagov/ScubaGear" rel="noopener noreferrer" target="_blank">CISA — ScubaGear on GitHub</a></li>
<li><a href="https://attack.mitre.org/techniques/T1566/" rel="noopener noreferrer" target="_blank">MITRE ATT&amp;CK — T1566 Phishing</a></li>
<li><a href="https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final" rel="noopener noreferrer" target="_blank">NIST SP 800-53 Rev 5</a></li>
<li><a href="https://www.cisecurity.org/benchmark/microsoft_365" rel="noopener noreferrer" target="_blank">CIS Microsoft 365 Foundations Benchmark</a></li>
<li><a href="https://framework.4thandbailey.com" rel="noopener noreferrer" target="_blank">Infrastructure Placement Framework — Module 4: Cyber Resilience</a></li>
</ul>]]></content>
    <category term="Cybersecurity" />
    <category term="MITRE ATT&amp;CK" />
    <category term="NIST SP 800-53" />
    <category term="CISA SCuBA" />
    <category term="Microsoft 365" />
  </entry>
  <entry>
    <title>Three Questions Every CEO and Board Should Be Able to Answer</title>
    <link href="https://trust-lionel.com//posts/three-questions" rel="alternate" type="text/html"/>
    <id>https://trust-lionel.com//posts/three-questions</id>
    <updated>2026-05-17T00:00:00.000Z</updated>
    <published>2026-05-17T00:00:00.000Z</published>
    <author>
      <name>Lionel Mosley</name>
    </author>
    <summary type="text">Cyber resilience, AI governance, and business continuity — the three questions that determine whether an organization survives the next disruption.</summary>
    <content type="html"><![CDATA[
<blockquote><p><em>The conversations that matter most in a boardroom aren’t about technology. They’re about survival. And the technology questions executives can’t answer are the ones that determine whether the business survives.</em></p></blockquote>
<h2>The Room I Keep Walking Into</h2>
<p>I have spent over two decades walking into organizations — boardrooms, leadership meetings, budget conversations — where the technology discussion goes one of two ways.</p>
<p>Either the executives are overwhelmed and don’t know where to begin. Or they believe they are covered because they pay for cloud services, have an IT team, and haven’t experienced a major incident yet.</p>
<p>Both positions carry the same risk.</p>
<p>The organizations that are genuinely prepared are not the ones with the largest IT budgets. They are the ones where leadership — the CEO, the board, the CFO — can answer three specific questions clearly, with documented evidence, before a crisis begins.</p>
<p>Most cannot.</p>
<p>These three questions come directly from the <a href="https://framework.4thandbailey.com" rel="noopener noreferrer" target="_blank">Infrastructure Placement Framework</a> — the open-source enterprise IT framework built and maintained by <a href="https://github.com/4thandBailey" rel="noopener noreferrer" target="_blank">4TH AND BAILEY</a>. They map to Modules 4, 5, and 8 of the framework. They are not technical questions. They are leadership questions — and the answers determine whether an organization survives what is coming.</p>
<hr />
<h2>Question 1 — Can You Protect Your Data, Keep Operating, and Exit a Platform That Fails You?</h2>
<p>This is the cyber resilience question. And it is not a firewall question.</p>
<p>On July 19, 2024, a routine security update from CrowdStrike caused 8.5 million Windows systems to crash globally. The damage exceeded $10 billion. Delta Airlines took five days to recover, losing over $500 million. There was no cyberattack. No malicious actor. No password failure. A trusted vendor made a routine change — and organizations that had not answered this question in advance paid for it in days of downtime and hundreds of millions in losses.</p>
<p>In February 2026, ransomware hit the University of Mississippi Medical Center. All 35 clinic locations closed statewide. Epic went offline. Surgeries were canceled. Chemotherapy appointments were canceled. Nine days of partial shutdown followed.</p>
<p>These two events share one thread: the organizations affected were not unprepared because they lacked technology. They were unprepared because they had never answered three foundational questions before the crisis began.</p>
<p><strong>How do we protect our data?</strong> Most organizations believe their data is protected because they pay for a cloud service. That belief is wrong. The vendor’s responsibility ends at the platform boundary. Your data — how it is backed up, encrypted, versioned, and recoverable — is your responsibility.</p>
<p><strong>How do we keep operating if a vendor goes offline?</strong> Only 22% of healthcare organizations fully recovered from a ransomware attack in less than a week. Nearly 40% took more than a month. Recovery speed correlates directly with the quality of preparation.</p>
<p><strong>How do we move our data if a platform stops serving us?</strong> Vendor lock-in accumulates quietly. The time to build a vendor exit runbook is before you need one.</p>
<p><a href="https://github.com/4thandBailey/infrastructure-placement-framework/blob/main/modules/04-cyber-resilience/README.md" rel="noopener noreferrer" target="_blank">Module 4 of the Infrastructure Placement Framework</a> is the structured starting point.</p>
<hr />
<h2>Question 2 — Do You Know What Data Your Employees Have Already Put Into AI Systems?</h2>
<p>This is the AI governance question. And for most organizations, the honest answer is no.</p>
<p>AI is now embedded in virtually every productivity tool employees use daily — Microsoft 365 Copilot, Google Gemini, Salesforce Einstein, GitHub Copilot, and hundreds of other tools with AI features enabled by default. Employees are not waiting for IT policy. They are using these tools right now, in every department, across every level of the organization.</p>
<p>Shadow AI — employees using unapproved AI tools without oversight — is present in virtually every organization. Client data entered into public AI systems. Proprietary processes described in chat prompts. Legal strategy, financial projections, and personnel decisions processed through tools whose data handling policies most organizations have never reviewed.</p>
<p>The regulatory environment is catching up. NIST AI RMF 1.0, NIST AI 600-1, and NIST IR 8596 have established the standards framework. Most organizations have no policy, no inventory, and no idea what data has already entered public AI systems through employee usage.</p>
<p><strong>Three things every organization needs before the end of this quarter:</strong></p>
<p>A <strong>shadow AI audit</strong> that identifies which AI tools are in use, by whom, and what categories of data have been processed through them.</p>
<p>An <strong>AI acceptable use policy</strong> that defines approved tools, prohibited data types, and accountability — in plain language every employee can follow.</p>
<p>An <strong>AI vendor evaluation rubric</strong> that assesses every AI tool against data handling, security, and compliance standards before it is adopted organizationally.</p>
<p><a href="https://github.com/4thandBailey/infrastructure-placement-framework/blob/main/modules/05-ai-governance/README.md" rel="noopener noreferrer" target="_blank">Module 5 of the Infrastructure Placement Framework</a> delivers all three — built on NIST standards.</p>
<hr />
<h2>Question 3 — When Something Goes Wrong, Exactly How Does Your Organization Recover?</h2>
<p>This is the business continuity question. And the emphasis is on the word <em>exactly</em>.</p>
<p>Not “we have a plan.” Not “IT handles that.” Not “we back everything up.”</p>
<p>Exactly how. In what order. By whom. How fast. And when did you last test it?</p>
<p>The data is unambiguous:</p>
<ul>
<li><strong>76%</strong> of organizations needed more than 100 days to fully recover from a cyberattack (IBM Cost of a Data Breach Report, 2025)</li>
<li><strong>40%</strong> of small businesses never reopen after a major disaster (FEMA)</li>
<li><strong>44%</strong> of data breaches in 2025 involved ransomware (Verizon DBIR 2025)</li>
</ul>
<p>Most organizations have a version of a disaster recovery plan. Almost none have a genuine business continuity plan. These are not the same document.</p>
<p>A <strong>Business Continuity Plan</strong> is strategic. It keeps the entire organization operating across all functions during and after any disruption.</p>
<p>A <strong>Disaster Recovery Plan</strong> is tactical. It restores IT systems and infrastructure after a technical failure. It is a component of the BCP — not a replacement for it.</p>
<p><strong>The plan that has never been tested is not a plan.</strong></p>
<p><a href="https://github.com/4thandBailey/infrastructure-placement-framework/blob/main/modules/08-bcdr/README.md" rel="noopener noreferrer" target="_blank">Module 8 of the Infrastructure Placement Framework</a> provides the complete BCDR structure — business impact analysis, BCP and DRP templates, ransomware playbook, breach notification guide, and tabletop exercise scripts for all six scenarios.</p>
<hr />
<h2>Where to Begin</h2>
<p>The <a href="https://framework.4thandbailey.com" rel="noopener noreferrer" target="_blank">Infrastructure Placement Framework</a> is open source, vendor-neutral, and free to use under Creative Commons Attribution 4.0.</p>
<p><strong>Three ways to engage:</strong></p>
<p><strong>Self-assessment.</strong> Fork the repository at <a href="https://github.com/4thandBailey/infrastructure-placement-framework" rel="noopener noreferrer" target="_blank">github.com/4thandBailey/infrastructure-placement-framework</a> and work through the modules relevant to your situation.</p>
<p><strong>Guided assessment.</strong> Start a conversation at <a href="https://4thandbailey.com/contact" rel="noopener noreferrer" target="_blank">4thandbailey.com/contact</a>. Most guided assessments identify three to five immediately actionable findings.</p>
<p><strong>Full engagement.</strong> 4TH AND BAILEY designs, builds, and deploys the infrastructure changes, governance structures, security controls, and policy frameworks the assessment identifies.</p>
<hr />
<p><em>“I’ve spent my career asking ‘what if’ when everyone else was asking ‘how much.’”</em></p>
<p><em>The ‘what if’ is no longer hypothetical. The question is whether your organization is ready for it.</em></p>]]></content>
    <category term="Cyber Resilience" />
    <category term="AI Governance" />
    <category term="BCDR" />
    <category term="Business Continuity" />
    <category term="NIST" />
  </entry>
  <entry>
    <title>Vibe Coding — How I Built My Personal Brand in One Night</title>
    <link href="https://trust-lionel.com//posts/vibe-coding" rel="alternate" type="text/html"/>
    <id>https://trust-lionel.com//posts/vibe-coding</id>
    <updated>2026-05-16T00:00:00.000Z</updated>
    <published>2026-05-16T00:00:00.000Z</published>
    <author>
      <name>Lionel Mosley</name>
    </author>
    <summary type="text">From zero GitHub presence to a fully live personal brand at trust-lionel.com — DNS configured, Astro.build powered, GA4 tracked, all while lo-fi played in the background.</summary>
    <content type="html"><![CDATA[
<blockquote><p><em>Some problems need room to breathe before the architecture reveals itself. Tonight, lo-fi beats created that room — and a complete personal brand emerged from it.</em></p></blockquote>
<h2>The Problem I Was Solving</h2>
<p>I have been going back and forth on my personal brand for quite some time.</p>
<p>The domain <code>trust-lionel.com</code> existed. The idea existed. The work existed. What didn’t exist was a platform that felt right — one that could showcase not just a polished marketing site but actual proof of work. Thought leadership that lived on the open web, not locked inside someone else’s ecosystem.</p>
<p>LinkedIn is an echo chamber. The algorithm rewards engagement loops within your existing network. A well-optimized post can surface for someone in Singapore or Berlin who has never heard of you — but only if you own the platform it lives on.</p>
<p>GitHub gave me that platform.</p>
<hr />
<h2>Why GitHub?</h2>
<p><strong>No login required.</strong> LinkedIn quietly throttles content visibility for non-logged-in users. A GitHub Pages site is fully open, fully crawlable, and fully shareable — a link works for everyone, everywhere, no friction.</p>
<p><strong>SEO ownership.</strong> When you publish on LinkedIn or Medium, <em>they</em> own the SEO value. Your content builds <em>their</em> domain authority. With GitHub Pages on <code>trust-lionel.com</code>, every article, framework, and thought leadership piece builds <em>my</em> domain authority permanently. That compounds over time in a way that LinkedIn posts never will.</p>
<p><strong>Escaping the echo chamber.</strong> The open web doesn’t have an algorithm. It has Google. And Google rewards consistent, well-structured, keyword-rich content on domains with growing authority. That’s a game I can win by simply doing the work and documenting it.</p>
<hr />
<h2>What We Built</h2>
<p>Starting from a GitHub account with no public repositories, here is what exists as of May 16, 2026:</p>
<p><strong>The Profile (<code>github.com/trust-lionel</code>)</strong></p>
<ul>
<li>Username changed from <code>LMO4TH</code> to <code>trust-lionel</code> — brand cohesion across every platform</li>
<li>Bio: <code>ahr-ki-tekt</code> — one word, phonetic, stops people mid-scroll</li>
<li>Every link aligned — <code>trust-lionel.com</code> · LinkedIn · Reddit · <code>@4thandBailey</code></li>
</ul>
<p><strong>The Banner</strong></p>
<ul>
<li>1280×640px data center architect background — server racks, hot aisles, cold aisles, core switch, UPS units, network traces</li>
<li>Green LED indicators on every rack — because green means <em>active and healthy</em></li>
<li>Montserrat ExtraBold typography — matching the 4TH AND BAILEY brand language</li>
<li>Trust blue palette — chosen from color psychology research. Blue signals honesty and security. The domain is called <em>trust</em>-lionel.com. The alignment is intentional.</li>
</ul>
<p><strong>The Website (<code>trust-lionel.com</code>)</strong></p>
<ul>
<li>GitHub Pages with custom Jekyll layouts — no borrowed theme, full brand control</li>
<li>Dark mode support</li>
<li>SEO-optimized with <code>sitemap.xml</code> submitted to Google Search Console</li>
</ul>
<p><strong>DNS</strong></p>
<ul>
<li>Four A records pointing <code>trust-lionel.com</code> to GitHub’s servers</li>
<li>CNAME pointing <code>www</code> to <code>trust-lionel.github.io</code></li>
<li>Domain verified at the GitHub profile level — protected from takeover</li>
<li>Old Squarespace CNAME removed</li>
<li>HTTPS enforced</li>
</ul>
<hr />
<h2>What I Learned</h2>
<p><strong>Simplicity is sophistication.</strong> The bio is one word. <code>ahr-ki-tekt</code>. No explanation. No elaboration. The simplicity <em>is</em> the statement.</p>
<p><strong>Own your platform.</strong> Every commit to <code>trust-lionel.com</code> builds my domain authority. Every post on LinkedIn builds theirs. The math is simple.</p>
<p><strong>Authenticity in details.</strong> The server rack LEDs were originally blue. I changed them to green because green is the industry standard for <em>active and healthy</em> ports. Nobody might notice. But the people who would notice are exactly the audience I am trying to reach.</p>
<p><strong>The architecture is the message.</strong> The data center banner doesn’t just look good — it tells you what I do before you read a single word. Visual language that only someone who understands enterprise IT would recognize instantly. For everyone else, it just feels like depth and expertise.</p>
<hr />
<h2>The Takeaway</h2>
<p>I came into tonight with a domain and a vision. I left with a fully realized personal brand on the open web — built on GitHub, powered by Astro.build, scored by lo-fi, and finished before sunrise.</p>
<p>The work was always there. It just needed the right architecture to live in.</p>
<p>That’s the difference between having something to say and having a place to say it.</p>]]></content>
    <category term="Personal Brand" />
    <category term="GitHub Pages" />
    <category term="SEO" />
    <category term="Open Web" />
  </entry>
  <entry>
    <title>MacSysTools — Native macOS System Administration App</title>
    <link href="https://trust-lionel.com//posts/macsystools" rel="alternate" type="text/html"/>
    <id>https://trust-lionel.com//posts/macsystools</id>
    <updated>2026-03-05T00:00:00.000Z</updated>
    <published>2026-03-05T00:00:00.000Z</published>
    <author>
      <name>Lionel Mosley</name>
    </author>
    <summary type="text">A native macOS system administration app built with SwiftUI + Xcode for macOS Tahoe. 23 tools, one click away — because the frustration wasn&#039;t Terminal, it was remembering the syntax.</summary>
    <content type="html"><![CDATA[
<blockquote><p><em>I enjoy working with different computing platforms. When using my MacBook Pro — switching between PowerShell and Terminal — I often forget commands like Flush DNS Cache. Rather than reaching for my notes every time, I opened Xcode and built the solution.</em></p></blockquote>
<h2>What is MacSysTools?</h2>
<p>MacSysTools is a native macOS system administration application built specifically for <strong>macOS Tahoe (26.x)</strong> running on an Intel MacBook Pro.</p>
<p>It provides a clean, professional graphical interface for common macOS Terminal commands — eliminating the need to remember complex command syntax or open Terminal manually. Every tool is one click away, with live output streaming, native sudo elevation, and a UI that feels indistinguishable from a first-party Apple application.</p>
<p><strong>The core philosophy:</strong> encode the knowledge of <em>what command to run and when</em>, not just how. The app handles version detection, privilege elevation, output parsing, and error display — the user selects a tool and clicks Run.</p>
<p><strong>Repository:</strong> <a href="https://github.com/trust-lionel/macsystools" rel="noopener noreferrer" target="_blank">github.com/trust-lionel/macsystools</a></p>
<hr />
<h2>Why SwiftUI + Xcode Instead of Electron</h2>
<p><strong>Liquid Glass.</strong> macOS Tahoe introduced the most significant visual redesign since Big Sur, built around a new material called Liquid Glass. SwiftUI gets this automatically and correctly — Electron required undocumented private APIs that could break with any macOS point release.</p>
<p><strong>Native performance.</strong> The MacSysTools app bundle is approximately 8MB. An equivalent Electron app would be roughly 150MB due to the bundled Chromium runtime.</p>
<p><strong>Finder, Spotlight, and Dock integration.</strong> A SwiftUI app built with Xcode produces a proper <code>.app</code> bundle the OS recognizes natively — it appears in Spotlight search, pins to the Dock, and launches in under a second.</p>
<hr />
<h2>Development Environment</h2>
<table><thead><tr><th>Component</th><th>Version</th></tr></thead><tbody><tr><td>Mac</td><td>MacBook Pro Intel (x86_64)</td></tr><tr><td>macOS</td><td>Tahoe 26.x</td></tr><tr><td>Xcode</td><td>26.4.1 (17E202)</td></tr><tr><td>Swift</td><td>6.3.1</td></tr><tr><td>Interface</td><td>SwiftUI</td></tr><tr><td>Deployment Target</td><td>macOS 26.0</td></tr><tr><td>Bundle ID</td><td>com.lionelmosley.MacSysTools</td></tr></tbody></table>
<hr />
<h2>The 23 Tools</h2>
<h3>Network (6 tools)</h3>
<table><thead><tr><th>Tool</th><th>Command</th><th>Sudo</th></tr></thead><tbody><tr><td>Flush DNS Cache</td><td><code>sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder</code></td><td>Yes</td></tr><tr><td>nslookup</td><td><code>nslookup -type=[A/MX/TXT…] [hostname] [server]</code></td><td>No</td></tr><tr><td>Wi-Fi Diagnostics</td><td><code>networksetup -getinfo Wi-Fi &amp;&amp; airport -I</code></td><td>No</td></tr><tr><td>Ping Host</td><td><code>ping -c [count] [hostname/IP]</code></td><td>No</td></tr><tr><td>Traceroute</td><td><code>traceroute [hostname/IP]</code></td><td>No</td></tr><tr><td>Renew DHCP Lease</td><td><code>sudo ipconfig set en0 DHCP</code></td><td>Yes</td></tr></tbody></table>
<h3>System (6 tools)</h3>
<table><thead><tr><th>Tool</th><th>Command</th><th>Sudo</th></tr></thead><tbody><tr><td>Purge Memory</td><td><code>sudo purge</code></td><td>Yes</td></tr><tr><td>Disk Permissions</td><td><code>diskutil verifyPermissions /</code></td><td>Yes</td></tr><tr><td>Clear System Logs</td><td><code>sudo rm -rf /private/var/log/asl/*.asl</code></td><td>Yes</td></tr><tr><td>Rebuild Spotlight</td><td><code>sudo mdutil -E /</code></td><td>Yes</td></tr><tr><td>Show Open Ports</td><td><code>sudo lsof -i -n -P | grep LISTEN</code></td><td>Yes</td></tr><tr><td>Clear Font Cache</td><td><code>sudo atsutil databases -remove &amp;&amp; sudo atsutil server -shutdown</code></td><td>Yes</td></tr></tbody></table>
<h3>Security (4 tools)</h3>
<table><thead><tr><th>Tool</th><th>Command</th><th>Sudo</th></tr></thead><tbody><tr><td>Kill Process</td><td><code>killall [process name]</code></td><td>No</td></tr><tr><td>Firewall Status</td><td><code>/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate</code></td><td>No</td></tr><tr><td>Gatekeeper Status</td><td><code>spctl --status</code></td><td>No</td></tr><tr><td>Clear App Cache</td><td><code>rm -rf ~/Library/Caches/*</code></td><td>No</td></tr></tbody></table>
<h3>Developer (4 tools)</h3>
<table><thead><tr><th>Tool</th><th>Command</th><th>Sudo</th></tr></thead><tbody><tr><td>Clear Xcode Derived Data</td><td><code>rm -rf ~/Library/Developer/Xcode/DerivedData</code></td><td>No</td></tr><tr><td>Show Hidden Files</td><td><code>defaults write com.apple.finder AppleShowAllFiles -bool true &amp;&amp; killall Finder</code></td><td>No</td></tr><tr><td>Edit /etc/hosts</td><td><code>open -e /etc/hosts</code></td><td>No</td></tr><tr><td>System Information</td><td><code>system_profiler SPHardwareDataType SPSoftwareDataType</code></td><td>No</td></tr></tbody></table>
<h3>Sharing (3 tools)</h3>
<table><thead><tr><th>Tool</th><th>Command</th><th>Sudo</th></tr></thead><tbody><tr><td>Enable Screen Sharing</td><td><code>sudo launchctl enable system/com.apple.screensharing</code></td><td>Yes</td></tr><tr><td>Enable Remote Login</td><td><code>sudo systemsetup -setremotelogin on</code></td><td>Yes</td></tr><tr><td>Enable File Sharing</td><td><code>sudo launchctl enable system/com.apple.smbd</code></td><td>Yes</td></tr></tbody></table>
<hr />
<h2>The Takeaway</h2>
<p>This project is a good example of how I think about problems. The frustration wasn’t Terminal — Terminal is powerful. The frustration was the cognitive overhead of remembering syntax for commands I use infrequently. The solution wasn’t a notes app or a cheat sheet. The solution was encoding the knowledge into a tool that eliminates the question entirely.</p>
<p>That’s the difference between a workaround and an architecture.</p>]]></content>
    <category term="macOS" />
    <category term="SwiftUI" />
    <category term="Developer Tools" />
    <category term="Open Source" />
  </entry>
</feed>