About
Distinguished Lead Enterprise Architect with over 13 years of experience at Humana, a…
Activity
30K followers
-
Thomas Nelson posted thisDon’t log secrets. That’s sound advice. But it’s also a weak control. What I’ve noticed—after reading through Cerbi docs, technical descriptions of their .NET packages, logging hygiene threads, and cost-focused discussions—is a recurring pattern: most logging governance happens **after** damage is already baked into observability stores. Sink-side masking, scrubbing pipelines, or ingestion-time filters all help. But by the time they run, the sensitive field is already sitting in cheap-to-forget-but-expensive-to-delete storage. You’ve already paid to index it, alerted on it once, maybe even triggered an audit warning. On the other hand, preventing sensitive data at the source is quieter, cheaper, and safer in the long run. If the app doesn’t emit “password,” “creditCard,” or “token,” then nothing downstream needs cleanup. Yet that requires logging enforcement where the log is created—not later in the pipeline. That’s the subtle but important shift in mindset. CerbiStream does exactly that. It sits in your .NET app alongside Serilog or Microsoft.Extensions.Logging, applies policies in-process, and sanitizes or tags violations before the sink sees anything. That keeps your observability tools intact while stopping the sensitive data at the origin. Useful logs are good. Unsafe useful logs are still unsafe. Apply governance where it matters most—in the app’s hot path—not as a post-incident afterthought. #Logging #PlatformEngineering #DevSecOps #SoftwareArchitecture
-
Thomas Nelson posted thisLogs start as troubleshoot aids. Then they turn into compliance evidence, dashboards, billing shocks—and sometimes arresting officers’ homework. That weird progression is what bugs me most. Most teams rely on downstream tools—masking pipelines, ingestion filters, “PII cleanup”—which does work, in a way. But it’s also late. The sink can scrub what it sees, but it cannot un-send sensitive fields that already escaped. That kind of cleanup is always a second chance attempt. There’s also this quiet cost bleed. Observability vendors charge by the gigabyte. Every extra field logged—and retained—inflates storage, indexing, and retention fees. The tooling isn’t inherently expensive. We’re paying for data quality issues and developer habits that went unchecked at emission time. Here’s the thing: governance belongs in the app, not only in the pipeline. If we can catch disallowed fields, redact PII, enforce schema consistency, and tag violations as logs are created—in process, with zero hot-path delay—it shifts the burden upstream. You keep your Serilog or MEL setup, keep shipping to Datadog or Splunk, but the noise, the risk, the cost—all that gets fewer chances to sneak in. That’s exactly why I’ve built Cerbi: a thin governance layer that lives in-process, applies rules before logs leave, and leaves the sink to do what sinks do best. Makes audits less painful and incidents less costly—without rewriting every logger or changing dashboards. Useful logs are good. Unsafe useful logs are still unsafe—and usually expensive. #Observability #PlatformEngineering #Logging #DevSecOps
-
Thomas Nelson posted thisSink-side filtering and masking feel useful—until you realize they let the unsafe log actually escape the app. I’ve seen teams lean on downstream scrubbing because it’s easier, but that’s exactly when things go sideways—compliance reviews, incident post-mortems, and auditing end up chasing shadows. Tuning logs after ingestion is often cheaper than rewriting the app, true—but it’s also late and incomplete. Once a sensitive field leaves the process, it’s already proliferated. The logging sink might remove or mask it, but the original emission is out of reach. That gap between emission and cleanup is the part that bothers me. Here’s where it gets interesting. If you treat logging like a contract rather than an afterthought, you define what’s safe at the source. You tag violations there, keep the schema stable, version your rules, and let the logs flow downstream—all clean or appropriately redacted. That preserves context for debugging, avoids risky noise, and prevents uncontrolled data leaks without rewriting downstream systems. That’s why I’m working on Cerbi—to govern logging behavior at the source, before the event leaves the app, while still keeping existing observability tools happy. We can choose which fields stay, which get redacted, and which trips a violation—all inside the process where they originate. Logs start as a developer tool, but they often end up as audit evidence. If your guardrail only kicks in after the log has been emitted, you're treating a last-minute patch like a rule. It’s fine until it isn’t. #Logging #DevSecOps #SoftwareArchitecture #Observability
-
Thomas Nelson posted thisI keep seeing teams try to fix bad logging behavior after the fact. Masking PII in query results. Cleaning up leaked fields in data lakes. Adding filters in pipelines that were never meant to be governance engines. It works for a while, until another service drifts and the same data shows up again. The real problem is that logs are trusted too early. Once a field is written, it’s already moving through sinks, alerts, and storage. At that point, you’re cleaning an oil spill, not preventing one. So Cerbi enforces at emission time. The .NET stream hooks directly into MEL, Serilog, or NLog, evaluates a JSON policy in-process, and blocks or sanitizes what shouldn’t leave. It forwards a normal log downstream, just governed. No pipeline edits. No extra boxes in the path. Governance has to start where the event is born, not where it’s indexed. Anything later is damage control. #Logging #DevSecOps #SoftwareArchitecture #PlatformEngineering #Observability https://lnkd.in/eUFddyQB
-
Thomas Nelson posted thisA lot of logging advice starts at the wrong end. Teams notice bad data after it lands. Then they write scrapers, filters, redactors. It’s all downstream triage. By that point the damage is done. Sensitive fields already left the app. Schema drift already broke dashboards. You can’t unlog something. I’ve been working on Cerbi to push that protection upstream—inside the process, intercepting events before they ever leave. No pipeline edits. No call-site rewrites. The logger asks a simple question at emission time: is this allowed to be logged? If not, it blocks or sanitizes right there. That shift, from downstream cleanup to source control, changes the economics. Less noise sent, less waste stored, less panic later when someone audits a random payload. Governance shouldn’t be an afterthought that runs in the cloud. It should start where the data is born. #Logging #DevSecOps #SoftwareArchitecture #PlatformEngineering #Observability https://lnkd.in/eUFddyQB
-
Thomas Nelson posted thisA secret key in a log line looks harmless until it’s not. By the time it surfaces in a dashboard or audit, it’s already copied across indexes, storage tiers, and retention rules. “We’ll mask it downstream” sounds sensible until you count how many systems already hold it. The issue isn’t bad dashboards or missing scrubbing tools. It’s that we trust application logs before verifying what they emit. We treat log pipelines as cleanup stages instead of enforcing discipline where the event originates. That’s the part I keep coming back to while finishing Cerbi. I wanted a way to govern logging behavior inside the app, at emission time, before data leaves the process. No pipeline rebuilds, no call‑site rewrites. Just a standard way to decide what’s allowed to be logged. Everything downstream gets safer and cheaper when the source behaves predictably. #Logging #ApplicationSecurity #DevSecOps #PlatformEngineering #SoftwareArchitecture https://lnkd.in/eUFddyQB
-
Thomas Nelson posted thisI keep seeing the same pattern: someone finds a secret or a chunk of PII buried in a log after it’s already been ingested. Then comes the cleanup sprint, the redaction scripts, the compliance meetings. By that point the damage is done. The root problem isn’t that teams lack filters downstream. It’s that we trust the output too early. Once unsafe data is emitted, every sink that touches it becomes part of the exposure trail. That’s not a logging platform issue. That’s an emission-time issue. I’ve been building Cerbi around that idea. Logging should be governed where it starts—in-process, inside the app, before the event ever leaves your runtime. If a field violates policy, it gets blocked or sanitized right there. The clean event continues on to your normal sinks the same way it always would. No pipeline to patch later. It’s a small architectural shift, but it changes how reliable your telemetry actually is. Governance stops being an afterthought and becomes part of the log emission itself. #Logging #DevSecOps #PlatformEngineering #SoftwareArchitecture #Observability https://lnkd.in/eUFddyQB
-
Thomas Nelson posted thisLogs are only useful if you can trust what’s inside them. Too often, the problem starts before the first dashboard ever loads. Sensitive fields slip through. Schema shifts quietly. Suddenly one service emits `user_id` while another emits `userid`, and every query downstream breaks. Most teams try to fix it after ingestion. Mask it, standardize it, or filter it in the pipeline. The trouble is that by then, the damage is already done. Unsafe or inconsistent data is already written. Costs rack up, audits get messy, and the noise spreads. I’ve spent the past year building Cerbi to handle this problem at the source. In-process, before the event ever leaves the app. It intercepts log events inside the provider, evaluates a governance profile, and decides what is safe to emit. Everything else gets sanitized or blocked. The goal is simple: govern logging behavior before it becomes telemetry debt. No pipeline rewrites. No fancy detours. Just safer, cleaner logs at emission time. #Logging #DevSecOps #PlatformEngineering #Governance #SoftwareArchitecture https://lnkd.in/eUFddyQB
-
Thomas Nelson posted thisA lot of teams trust their logs too early. We let anything through because it’s “just debug info” and figure we’ll clean it up downstream. But once that data is written, it’s too late. You can redact it, but you can’t unwrite it. Every breach report that traces back to a leaked secret or PII in logs makes this pretty clear. OWASP has been warning about it for years. It’s not a visibility problem. It’s a discipline problem at the source. I started building Cerbi because I wanted governance that happens before emission, inside the process, where the log event is still just an object. At that point you can decide if it’s safe, consistent, and allowed. By the time it hits a sink or a pipeline, you’ve already lost control. CerbiStream sits in-process for .NET apps, intercepts events from MEL, Serilog, or NLog, and applies governance rules from a JSON profile before anything leaves the app. It can block or sanitize fields in real time, tag violations, and forward only governed payloads. The async reporting path keeps the hot path clean. It’s not about replacing observability platforms. It’s about feeding them trustworthy data in the first place. #Logging #ApplicationSecurity #DevSecOps #SoftwareArchitecture #PlatformEngineering https://lnkd.in/eUFddyQB
-
Thomas Nelson reacted on thisThomas Nelson reacted on thisYesterday, I graduated from Harvard Extension School with a Masters of Liberal Arts - ALM, Information Management Systems with the Dean’s List Academic Achievement Award. As part of my group’s capstone project we created a technical enterprise-level transformation plan for a medical device company to meet the threat of HNDL, (Harvarst Now Decrypt Later), with Post-Quantum Cryptography. Something I’ve always been interested in since my undergraduate program classes on cryptography and quantum computing. I would never have reached this milestone without the support of my family and friends, classmates and professors, managers, and colleagues. A special shout out to my project teammates Robert Vernam and Julia Henry (and our entire class of 9) who made the capstone experience a true joy and rewarding experience. Onwards and upwards from here!
Experience & Education
-
Cerbi
View Thomas’s full experience
See their title, tenure and more.
or
Licenses & Certifications
-
-
-
-
-
-
-
-
-
-
Agile
-
Issued
Volunteer Experience
-
Helped design inventory system
West Louisville Ministries
- 5 months
Civil Rights and Social Action
It was fun, compelling, and it feels great to work on a project with smart people that helps others as an outcome.
Honors & Awards
-
Shining STAR Award
Rachana Pandey
For outstanding contribution to Humana's success
-
Yum Star Employee
Yum
Recommendations received
2 people have recommended Thomas
Join now to viewOther similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content