DevSecOops
Episode 9 - Rapid Fire Judgement

Update: 2025-06-29
Description

In this episode, Tom and Scotti take listeners behind the curtain at Cordant, revealing how the team collaboratively approaches designing IT solutions—from infrastructure to cybersecurity. Framed around a hypothetical greenfield deployment, the discussion is a rapid-fire breakdown of their go-to tools, platforms, and philosophies—covering everything from hypervisors and SIEM solutions to code repositories and discovery tools.


Key Topics Covered:



  • Discovery & Strategy Process:
    The Cordant methodology: discovery, internal collaboration, and experience-based solution building.

  • VMware & Broadcom Fallout:
    Tom discusses why VMware remains the on-prem hypervisor of choice, despite Broadcom's pricing and licensing challenges. Alternatives are weighed, including cloud-native VMs and infrastructure consolidation strategies.

  • SIEM & Logging Solutions:
    Scotti explores cost-effective approaches to log management, weighing Splunk, Microsoft Sentinel, and CrowdStrike SIEM. He stresses the need to align tooling with organisational maturity and internal expertise, cautioning against over-investment in underutilised platforms.

  • Code Repositories:
    The team debates GitHub, GitLab, Bitbucket, and cloud-native options. Security, ease-of-use, and deployment flexibility are discussed, especially in contexts requiring data sovereignty or air-gapped environments.

  • Discovery Tooling & Attack Surface Management:
    With evolving threats shifting from network-focused to identity-centric attacks, Scotti outlines the importance of modern asset discovery tools like RunZero, AssetNote, and Wiz. He advocates for agentless, comprehensive visibility across hybrid environments.


Key Takeaways:



  • Vendor selection should reflect organisational context—not just feature sets.

  • Tooling must match internal capability; gold-plated tech without operational maturity offers little value.

  • Identity, not infrastructure, is the modern threat frontier—external and internal visibility is critical.

  • Cloud-native and hybrid strategies should be evaluated tactically and strategically, not reactively.

Cordant