About
Most organizations don’t lack security tools. They lack the depth to make those tools deliver.
About Me
I’m Gianni Castaldi, Microsoft Security MVP, CISSP and GIAC GCFE. I’ve worked in IT since 2008 and made the move into cybersecurity full-time in 2017. Since then, I’ve built my career around one clear focus: helping organizations turn their security investments into real, measurable protection. Not by adding more products to the stack, but by getting significantly more value from what’s already deployed.
That work is anchored in the Microsoft Security Stack. Microsoft Sentinel, Defender XDR and KQL are where I spend the majority of my time. Building detection logic, hunting for threats, tuning alert environments and closing the operational gaps that keep deployed tools from delivering their full potential. I also bring hands-on experience with broader security technologies, including Palo Alto Networks, because production environments are rarely single-vendor and effective defense can’t afford to be either.
I created KustoKing to give practitioners a dedicated resource for mastering KQL, the query language that powers much of Microsoft’s security and observability tooling. I cohost KQLCafe, a community where security professionals come together to learn, share and sharpen their craft. And I regularly speak at industry events including Workplace Ninja Summit, Experts Live NL and the Dutch Microsoft Security Meetup, sharing practical insights from real-world engagements.
SecM8 grew out of a pattern I kept seeing in the field: organizations that had invested significantly in security platforms but weren’t extracting the protection those platforms were built to deliver. The problem was rarely the technology itself. It was detection coverage, tuning discipline, operational maturity and the knowledge to tie it all together. This blog exists to help close that gap. Every post reflects the same practical, hands-on approach I bring to my work: grounded in experience, focused on outcomes and written for people who do this professionally.
When I’m not writing detections or building queries, I’m a father of two who still finds it hard to stop thinking about how to explain complex security topics in ways that are genuinely useful.
What You’ll Find Here
SecM8 is built for defenders who want depth, not noise:
- Detection engineering. Designing, testing and maintaining detections that hold up in production
- Threat hunting. Structured methods for finding what automated alerts miss
- Microsoft Security. Deep dives into Sentinel, Defender XDR, KQL and the broader stack
- Blue team tradecraft. The operational discipline that separates good security teams from great ones
- Broader security thinking. Because effective defense draws from more than one ecosystem
No recycled vendor marketing. No padded post counts. Every article is built on hands-on experience.
Default to Defended
The name says it. Security should be the starting position, not a reaction to the last incident. The content on SecM8 is designed to help you build that foundation: sharper detections, deeper visibility and stronger outcomes from the tools already in your environment.
If you’re a defender, consultant, engineer or security leader looking to raise the standard, welcome.
