
Michael St.Onge
Head of Technical Services
Michael leads Tamnoon's technical services team, working hands-on with security operators to remediate misconfigurations and vulnerabilities at scale. He writes from the front line of RemOps and SOC workflows.
LinkedInArticles by Michael (13)

Automated Remediation Playbooks for Production-Safe Cloud Environments
June 15, 2026Security teams today face an overwhelming volume of alerts. Cloud Security Posture Management (CSPM) tools like Wiz, Orca Security, and Palo Alto Cortex Cloud effectively identify misconfigurations an…

Closing the Cloud Security Remediation Gap with RemOps
June 1, 2026Security teams drown in alerts. Engineering teams struggle to fix them without breaking production. This disconnect costs organizations time, resources, and significantly increases risk. Traditional c…

NIST's NVD Shift Demands a New Vulnerability Strategy
April 29, 2026NIST's NVD Shift Demands a New Vulnerability Strategy NIST's recent operational changes to the National Vulnerability Database (NVD) aren't just an administrative tweak; they're a seismic shift in how…

Operational Playbooks for Swift Cloud Security Remediation
April 5, 2026Stop Chasing Alerts and Start Engineering Fixes Your CNAPP is lit up like a Christmas tree, and your remediation backlog is measured in fiscal quarters. It's a familiar story. The industry is saturate…

CNAPP Alert Fatigue Is Killing Your MTTR: Here is How to Fix It
March 12, 2026Your CNAPP Isn't Lying, It's Just Not HelpingThe thousands of alerts pouring out of your Cloud Native Application Protection Platform (CNAPP) are technically correct. Your Wiz, Orca, or Prisma Cloud i…

Coruna Exploit Kits Are Hitting Your Mobile-First Workforce: How to Neutralize Spy-Grade Threats
March 11, 2026Coruna Exploit Kits Are Hitting Your Mobile-First Workforce: How to Neutralize Spy-Grade Threats A compromised iPhone is now a privileged cloud endpoint. This isn't a theoretical risk; it's the operat…

Closing the Breach Window: Stop Exploits Without Breaking Production
March 11, 2026Deconstructing the Breach Window From Detection to ExploitationThe operational gap between detecting a vulnerability and actually fixing it's where breaches happen. Your security team gets an alert fr…

Industrial AI Frameworks Fail: Your Alert List Isn't a Defense Plan
March 11, 2026Your industrial AI frameworks are just as vulnerable as the rest of your stack. That's the operational reality security teams are grappling with. Frameworks like LangChain, Langflow, and LiteLLM aren'…

AI Vulnerability Scanners: Production Impact and Risk Analysis
March 5, 2026Your AI scanner just caused a production outage. It was supposed to be the solution to alert fatigue. Instead of a meaningless list of ten thousand CVEs from Wiz, Prisma, or Orca, the new AI-powered s…

Vulnerability Exploitation: Why Your Patch Cycle is Already Too Slow
March 3, 2026Vulnerability Exploitation: Why Your Patch Cycle is Already Too Slow Your weekly patch cycle is now a documented liability. While your teams follow a traditional cadence of scan, prioritize, and deplo…

Alerts Aren't Defenses: Why Your Security Stack Fails at Remediation
March 2, 2026Your Detection Stack Is a Liability Without a Fix Your CSPM just found 5,000 "critical" vulnerabilities. A normal Monday. For security teams, this isn't intelligence; it's inventory. An ever-growing l…

Shadow LLMs Are Leaking Your Secrets: Stopping AI Tool Breaches
February 28, 2026Find the Bleed: Tactical Discovery of Shadow AI in Your Cloud Analyzing Egress Traffic Patterns Finding shadow AI isn't about buying another tool. It's about using the data you already have. Start wit…

Deepfake Identity Attacks: Why Your MFA Isn't Enough Anymore
February 26, 2026Deepfake Identity Attacks: Why Your MFA Isn't Enough AnymoreYour MFA is a locked front door, but attackers are now teleporting directly into the living room.Multi-factor authentication was the correct…