Matt Franz

@[email protected]
91 Followers
252 Following
1.1K Posts
Recovering SecOps Director, Dad, and Husband. Cloud curious since 2007. Responsible for production AWS workloads since 2012. Formerly many Cyber companies you’ve heard of, but not Amazon.
Infosec Exchangehttps://infosec.exchange/@mdfranz
Blueskyhttps://bsky.app/profile/mdfranz.com
GitHubhttps://github.com/mdfranz
Bloghttps://blog.mdfranz.com
Matt FranzFeb 26, 2025
TIL but probably will never use https://github.com/kro-run/kro
GitHub - kro-run/kro: kro | Kube Resource Orchestrator

kro | Kube Resource Orchestrator. Contribute to kro-run/kro development by creating an account on GitHub.

GitHub
Matt FranzFeb 25, 2025
https://medium.com/data-science-collective/an-opinionated-perspective-on-current-agent-toolkits-30a1362ad4f9 <- agent toolkits, damned if you damned if you don't đŸ˜¬
An Opinionated Perspective on Current Agent Toolkits

This article is a collaboration with Davis Broda and Eric Broda. Davis Broda is a senior technical architect, team leader, and software engineer specializing in generative-ai, autonomous agents, and…

Data Science Collective
Matt FranzFeb 15, 2025
Decent cheat sheet https://pub.towardsai.net/analyze-data-like-a-python-pro-b24e73b943ab
Analyze Data Like A Python Pro - Towards AI

I remember drowning in online searches for the first few months of my data science journey. Every task, no matter how small, required an endless cycle of searching Stack Overflow, poring over Pandas…

Towards AI
Matt FranzFeb 15, 2025
I use uv everyday but still a lot to learn https://autognosi.medium.com/modern-ci-cd-pipelines-of-rest-api-python-project-with-uv-be0c5fa1f514
Modern CI-CD Pipelines of REST API Python Project with UV

Creating REST API services is a critical aspect of modern application development, and tools like UV help simplify and streamline this process. UV is a modern Python package manager, written in Rust…

Medium
Matt FranzFeb 3, 2025

The Senate Voicemail (Cisco) is full. Tried calling three times.

Fortunately, Maryland Senators and Reps are fighting the good fight.

https://www.youtube.com/live/stI7ZIb9FDg?si=Wh9T8Gi8wheTRsqi

Van Hollen, Colleagues Host Press Availability At USAID HQ Amid Illegal Shut Down Of Agency

YouTube
Matt FranzFeb 3, 2025
There is an @indivisibleteam Zoom now with supposedly 40k folks
Matt FranzFeb 3, 2025
I really don't see the point of this. https://github.com/containers/ramalama
GitHub - containers/ramalama: RamaLama is an open-source developer tool that simplifies the local serving of AI models from any source and facilitates their use for inference in production, all through the familiar language of containers.

RamaLama is an open-source developer tool that simplifies the local serving of AI models from any source and facilitates their use for inference in production, all through the familiar language of ...

GitHub
Show threadMatt FranzFeb 1, 2025
Although I'm more into ClickHouse lately https://www.linkedin.com/feed/update/urn:li:activity:7291511892219490304/
Matt Franz on LinkedIn: #siem #duckdb #clickhouse #analytics #sql

If I was somewhat "early" to jump on the DuckDB bandwagon, I've been a relative latecomer to ClickHouse. After spending multiple days over the last week (mostly using ClickHouse local, but some with Python and CHDB, and I do have some actual servers deployed on VMs and I've tested the Altinity Operator on K3s) it is definitely growing on me. Also, if you are in a multi-SIEM environment it is frustrating to keep bouncing back and forth between the 3 different query languages used by Elastic, KQL, Splunk, and SumoLogic -- all which are different enough in implementation to make your head explode. It is nice to fall back to common SQL for quickly slicing data. I'm not sure I'll go back to DuckDB. Why? The fact that ClickHouse runs both locally and in a distributed cluster and that I only need to learn a single set of commands whether I'm querying/ingesting data into a cluster or locally or from S3.  I also find the command-line editing and client far quicker to use for modifying previous queries. The speed of console SQL blows away the web UI of a SIEM or Jupyter notebooks, once you get fluent. Maybe the Athena clients got better over the last few years (I doubt it) but it is a much better querying experience. And this morning I was setting up a website for a non-profit and I had to use the mysql client and it was terrible. The one thing I do miss about DuckDB is that I haven't figured out how to do an automated CREATE the TABLE from JSON data with ClickHouse. The only way I've been able to getting it working is to do a DESCRIBE then manually create the schema (usually with help of an LLM) to CREATE and then INSERT the data if I want to run in memory, but I could be doing something wrong. It does take some through to lay out your folder structure on S3 to maximize searching across different data (and log) types. (This screenshot was searching a month+ of compressed TLS logs in S3 from Zeek just scratches the surface of what you can do.  I know lots of blue teamers love to stand up a local Elasticsearch/OpenSearch cluster on Docker for ingesting and analyzing data but I just won't go there. I'm just too impatient for that, and would rather RAM for all my Chrome tabs or LLMs.) #SIEM #DuckDB #ClickHouse #Analytics #SQL

Matt FranzFeb 1, 2025
TIL - https://extensions.quacking.cloud/
DuckDB Extensions for AWS Lambda

Run DuckDB serverlessly for querying remote and local data. With access to all currently available extensions.

Matt FranzFeb 1, 2025
DeepSeek 14b didn't really get the concept of writing Ansible.