I'm a Vice President of Information Technology with two decades of experience delivering enterprise-scale technology programs. My work spans infrastructure, cybersecurity, and the emerging frontier of AI and automation in IT operations.

I write here — on this site — as a practitioner, not as a vendor or pundit. What I publish is what I've shipped, debugged, lived with, and learned from. I share the uncomfortable details too: the failures, the false starts, the ROI that never materialized.

What I do

My work revolves around three areas:

IT Infrastructure & Architecture

Design and operation of the technology foundation of a business — identity, networks, cloud, data platforms, endpoints. I focus on reliability, cost-efficiency, and observability — the unglamorous things that determine whether everything else works.

Hybrid Cloud Identity & Access Network Architecture Endpoint Management Observability

Cybersecurity Strategy

Moving beyond compliance checkboxes to a defense that actually matches your threat model. That means KEV-prioritized patching, practical Zero Trust, tabletop-tested incident response, and dark-web-aware threat intel.

Zero Trust Threat Intelligence Vulnerability Management Incident Response SOC Operations

AI & Automation

Applying generative AI and automation to real operational problems — incident triage, change automation, policy drafting, tier-1 SOC triage. Skeptical of vendor hype, enthusiastic about the real wins.

AI Ops Infrastructure-as-Code Automated Remediation LLM Integration SOAR Design

Where I've been

My full career history — companies, roles, dates, endorsements, recommendations — is maintained on LinkedIn. I keep it updated there rather than mirroring it here, so you always see the latest:

View Full Profile on LinkedIn ↗

Raj Macwan

What I'm learning

I'm currently pursuing advanced studies at MIT, focused on the intersection of technology leadership, innovation, and policy. It's shaping how I think about organizational decisions at the technology level — and I'm writing about what I learn as I go.

See the MIT Journey page for ongoing reflections and essays from this program.

What I build

Understanding security, privacy, and infrastructure requires building, not just reading. My most-mentioned side project is DarkPulse Security — a cybersecurity news aggregator operating as a Tor hidden service on a Whonix-isolated stack.

The site aggregates 18+ public security feeds, maintains the CISA KEV mirror, tracks ransomware groups, and publishes weekly long-form case files. It runs under a separate pseudonymous identity (TheMacwan) and is intentionally operationally isolated from this professional profile.

Read about DarkPulse and why I built it →

Philosophy

A few principles I keep coming back to:

  • Boring infrastructure is good infrastructure. Reliability is a feature.
  • Security is a culture, not a control set. You can't NIST-CSF your way out of poor team dynamics.
  • Automate what you understand. Automating confusion just creates confusion faster.
  • Threat models age badly. Revisit them. Your adversaries aren't from 2019.
  • Tools don't fix bad processes. AI included. Especially AI.

Why this site exists

I believe IT leaders should write. Not to build personal brands, but because sharing our mistakes and frameworks makes the next practitioner's job easier. This is a small contribution to that long chain.

If any of it resonates — or you think I'm wrong about something — reach out.

Contact Me Read the Blog