DevSecOps – A New Chance for Security?
A modified version of this article first appeared in DZone. I was recently browsing through the 20 latest DevSecOps reference architectures for 2018 and was struck by several things: each has a …
The Fundamental Security Concepts in AWS – Part 1 of 3
The Shared Responsibility Model Note: A modified version of this article was first published on DZone. When you begin working in AWS, the most important security (and, to a …
Should You Crowdsource Your Cardiologist?
Obviously not. Why is this so obvious? We’ll get back to this in a moment, but first I want to describe how a LinkedIn Invitation to Connect led to this …
Gilligan Must Die
Today, I want to write about cybersecurity people and practices, but first I need to take an aside, and talk a bit about Gilligan’s Island. You must be wondering …
Guns … C’mon
As for the gun-control debate — which, by the way, fades every few months — I am somewhat torn about the desirable scope of additional legislation, The Heller decision that established …
Steamboat Boiler Explosions & Coal Torpedo’s
The real problem is not whether machines think but whether men do. –B.F. Skinner In the U.S., safety & security almost always take a back seat behind commerce. This …
Some Interesting Companies at AWS Public Sector Summit — June 19-20, 2018
Some interesting new or repurposed cloud vendors Centrify: https://www.centrify.com/ — Zero-Trust Security. Identity as a Service. IAM, Privileged Access, Endpoint Authentication/Authorization CloudCheckr: https://cloudcheckr.com/ — Security & Compliance in AWS, GCP, …
Repetition Is Good: IT Automation
Automation is as central to DevOps as the ball is to soccer. IT automation is the use of instructions to create a repeatable process that replaces an IT professional’s manual …
When Nothing is Better than Something
Any reasonable information security system consists of two fundamental components: (1) a risk assessment; & (2) controls that minimize those risks. In this article I want to talk about the risk …
Cybersecurity is a Little Bit like a Lot of Other Things
Cybersecurity is a relatively new field. From a scientific or engineering point-of view, to call the field immature would be kind. The predominant metaphor within the field until the last …
Microservices: A brief explanation and some Hacking Suggestions
What is a Microservice? Microservices are small, autonomous programs that function as both data producers and data consumers, particularly between service boundaries within a virtualized cloud environment. 100-200 individual microservices might …
SonarQube Scanning in 15 Minutes
Note: A modified version of this article was first published in DZone. It has been sometime since I’ve seen an updated SonarQube tutorial here on DZone, so I thought that …