Mark Sayson

Software engineering tech lead building security and privacy infrastructure, focused on simplifying how organizations implement security and privacy across distributed systems.

I write about software architecture, distributed systems, AWS, information security, and privacy engineering.

Selected Articles

Why data deletion is still an unsolved infrastructure problem

May 31, 2026: Why data deletion is the hardest privacy challenge in modern distributed systems.

Process for designing distributed systems

May 31, 2023: This post presents a structured approach to designing distributed systems, along with example questions and artifacts used at each stage.

Concurrency from single host applications up to massively distributed services

Dec 1, 2023: This post will describe several levels of concurrency, how they're commonly applied, and pros and cons of each approach.

Strategies for querying periodic S3 data snapshots

May 31, 2025: A common AWS analytics pattern involves running aggregate queries across multiple S3 datasets. This post explores approaches for syncing and querying S3 snapshot data, with a focus on maintaining consistent access to complete datasets during ongoing data updates.

Using AWS Organizations to standardize security controls across AWS accounts

May 7, 2025: AWS Organizations provide a helpful, zero-cost way to centralize management of AWS accounts, with support for consolidating billing, role-based permission sets, service and resource control policies, and AWS service configurations.

Diving into the Essential Eight strategies to mitigate security incidents part 2: limiting blast radius and recovering

Nov 18, 2019: This is the second part of a deep dive into the ACSC Essential Eight, covering the final four security controls for reducing enterprise risk. It reviews ISM controls, maturity levels, and practical implementation guidance to help teams operationalize these safeguards.

View all posts