I’m Derran Guinan, a Field CTO at Veeam focused on cyber resilience, data protection, recovery, and the changing role of trust in technology.

Resilience Under Stress is where I write about what happens when the clean architecture diagram meets the real world.
Most organizations do not fail because they ignored security. They fail because they assumed too much: that prevention would hold, that backups were clean, that recovery would work, and that the right people would have the right information at the right time.
Stress exposes those assumptions.
I have spent more than 30 years working across cybersecurity, infrastructure, data protection, recovery, and pre-sales engineering. My background includes time at Veeam, Palo Alto Networks, and CrowdStrike, helping organizations understand risk, prepare for disruption, and make better technology decisions under pressure.
This site is not about chasing buzzwords. It is about the practical side of resilience: what breaks, what holds, what can be measured, and what leaders need to know before an incident forces the question.
I write for CISOs, CIOs, IT leaders, security teams, infrastructure teams, partners, and practitioners who are trying to move beyond confidence and build resilience they can actually prove.
Here you will find field notes on cyber resilience, data protection, recovery strategy, AI trust, security leadership, and the gap between what organizations believe and what they can validate.
Because in the end, resilience is not what you claim in a meeting.
It is what still works under stress.
What I Write About
| Cyber Resilience What happens after prevention fails, and how organizations prepare for disruption before they are forced to recover under pressure. | Field Notes Lessons from customer conversations, executive briefings, workshops, industry events, and real-world technology decisions. |
| AI and Trust How data exposure, governance, identity, and agentic systems are changing the way organizations think about trust. | Recovery Strategy How organizations move from assumed recoverability to tested, measured, and repeatable recovery capability. |
| Data Protection Why backup, immutability, isolation, recovery validation, and data visibility are now part of the security conversation. | Home-Lab Practical experiments with infrastructure, security tools, recovery workflows, and edge cases that help turn theory into tested understanding. |
Who This Site Is For
This site is written for security leaders, IT leaders, executives, partners, and practitioners who are responsible for protecting data, reducing risk, and proving that the business can recover.
It is for people who are tired of resilience being treated like a checkbox.
It is for teams that know the hard part is not writing the plan. The hard part is proving the plan still works when systems are degraded, pressure is high, and decisions have to be made quickly.
Point of View
Security reduces risk. Resilience determines outcome.
Backup is not the whole story, but it is often where the truth shows up.
Recovery is not just a technical function. It is a business capability.
Trust is no longer only about identity, access, and control. It is also about knowing where your data is, who can reach it, what can use it, and whether you can recover it when it matters.
That is the conversation this site is built around.