Who uses these tools
Small technical teams
Teams without a dedicated security engineer who need to get cloud, DNS, and website hardening done without over-engineering it.
MSPs and web agencies
Agencies managing client infrastructure who want repeatable checklists, DNS backup tooling, and security baselines for client onboarding and reviews.
Solo operators and home lab builders
Practitioners who want automation scripts, evidence workflows, and reusable templates for running security work at their own pace.
Start with a practical security checklist
Practical checklists for teams that want to improve security without turning every problem into a consulting engagement.
Cloudflare + Website Security Baseline
A practical checklist for reviewing DNS, Cloudflare, WordPress, security headers, backups, and admin exposure.
Get Checklist →DNS Backup and Recovery
A checklist for making DNS records versioned, recoverable, and auditable before a bad change or account issue causes downtime.
Get Checklist →AI Agent Prompt Security
A starting checklist for reviewing AI-agent prompts, tool access, risky instructions, and CI-friendly prompt checks.
Get Checklist →Featured Security Tools
Practical tools and automation projects built to make useful security work repeatable, recoverable, and easier to operate.
Automated Cloudflare DNS record backup script. Keep DNS configuration versioned and recoverable without manual exports.
Use case: Version and recover DNS configs before client migrations or account restructuring.
View Tool →Prompt linting, static risk scanning, testing, and CI workflows for safer AI-agent prompt pipelines.
Use case: Integrate into CI pipelines to catch risky agent prompts before they reach production.
View Tool →Bash scripts that snapshot every GitHub repository owned by an account. Off-platform backup for your entire GitHub presence.
Use case: Off-platform backup before account restructuring or platform incidents.
View Tool →Curated DNS blocklists for Pi-hole and similar resolvers. Blocks ads, trackers, and malicious domains at the network level.
Use case: Network-level blocking for home labs, small office, and MSP client networks.
View Lists →Ready-to-import automation workflows for security alerts, notifications, and operational pipelines.
Use case: Drop-in automation for security alerts, notifications, and operational reporting.
View Workflows →Complete Docker deployment for OpenCTI as a proof of concept. Spin up a full threat intelligence platform for home lab or evaluation.
Use case: Spin up a threat intel lab for evaluation or home lab research.
View Deployment →Quick Bash script to install CasaOS on Debian 13. Streamlines self-hosted home lab setup with a clean, reproducible approach.
Use case: Reproducible home lab setup on commodity Debian 13 hardware.
View Script →Productized security systems in progress
I'm building tools that turn repeated manual security work into reusable systems, templates, and evidence packs.
Security Evidence Pack Generator
ConceptGenerate branded, client-ready evidence packs from structured security inputs, screenshots, and implementation notes.
Join Waitlist →Website Security Baseline Generator
PlannedTurn website, DNS, Cloudflare, and WordPress review inputs into a practical security baseline report.
Get Updates →Security Automation Template Library
BuildingReusable n8n, Bash, Python, GitHub Actions, and documentation templates for lightweight security operations.
View Tools →Security areas I build for
The focus is practical security tooling: repeatable workflows, checklists, evidence systems, and automations that reduce real operational risk.
Cloud Security Automation
Tools and templates for cloud baselines, exposure reduction, configuration checks, and repeatable review workflows across AWS, Azure, and GCP.
Web & WordPress Hardening
Checklists and automation for Cloudflare, headers, backups, plugin risk, and practical website security baselines.
DNS Backup & Recovery
Utilities for making DNS changes versioned, auditable, and recoverable before something breaks.
Incident Readiness
Templates and workflows for logging, endpoint visibility, first-hour response, and operational readiness before a real incident forces the issue.
Security Evidence Packs
Productized reporting and evidence-pack systems for repeatable security delivery and client-ready documentation.
AI Prompt Security
Prompt linting, risk scanning, CI checks, and safer AI-agent workflow patterns to reduce prompt injection and trust boundary risk.
Building practical
security systems
I'm Myles — a cyber security practitioner and tool builder based in Sydney, Australia.
I build practical security utilities, automation workflows, and repeatable templates for cloud, web, and operational security. My bias is toward tools that reduce real risk, make recovery easier, and turn manual security work into systems that can be reused.
I'm most interested in secure-by-default infrastructure, DNS and web hardening, incident readiness, evidence packs, and security automation that helps small teams operate with more confidence. I've spoken at WordCamp Brisbane, run cloud security tooling across AWS, Azure, and GCP, and been in the trenches with Cloudflare, Splunk, and Velociraptor.
When I'm not building security tools, you'll find me surfing, snowboarding, mountain biking, or on the back of a motorbike. Dad. Tech geek. Coffee addict. In that order.
From the blog
3 Jun 2026
Cloudflare DNS Backup
An automated Bash script that retrieves all Cloudflare zones, converts records to BIND format, and creates timestamped daily backups.
Read post →20 Aug 2020
Prepping for Boss of the SOC ANZ 2020
Getting ready for Splunk's blue-team CTF — SIEM skills, threat hunting, and incident investigation put to the test in a realistic scenario.
Read post →19 Aug 2020
Install Ubiquiti Network Controller on Open Source Firewall Hardware
Running the UniFi controller on open source firewall hardware — combining both worlds for a powerful home lab network setup.
Read post →Get security tool updates
Get practical security checklists and early access to tools I'm building for website, DNS, cloud, and automation hardening. No enterprise theatre, no fluff.
Please do not include passwords, secrets, client data, or sensitive credentials. No spam — unsubscribe any time.