Writing
Blog
Writing on cloud security, penetration testing, and the industry.
-
A Consultant's Opinionated Notes on Traveling
In my decade as a consultant, I've done my fair share of local and international travel. This post sums up many of the things I've learned the hard way over the years.
-
I Reviewed 500+ fwd:cloudsec Submissions, These Are My Key Takeaways
As a reviewer for both fwd:cloudsec events, I get to see a wide range of conference submissions every year. These are my key takeaways from reviewing 500+ submissions.
-
On AWS Penetration Testing
This post covers what the point of a penetration test against an AWS workload is, what a penetration testing program should look like, and how to make it a success.
-
Breaking Into Cloud Security
Cloud security is an area of the industry with some of the biggest skill shortages. This post lays out advice and direction on how to build the knowledge and approaches you'll need to succeed.
-
A Review of the AWS Security Model
AWS have released their own security maturity model. Does it stack up against what we're seeing in real-world attacks, or the approaches being suggested by the rest of the AWS security community?
-
AWS Access Keys - A Reference
AWS Access Keys are the credentials used to provide programmatic or CLI-based access to the AWS APIs. This post outlines what they are, how to identify the different types of keys, where you're likely to find them across the different services, and the order of access precedence for the different SDKs and tools.