Cloud Security
Cybersecurity in a Cloudy World
What’s in your cloud?
What’s in your cloud?
Thoughts on the Capital One breach by a former Capital One software engineer, team lead, cloud engineer, and security employee
Cybersecurity for Executives: Table of Contents
Cybersecurity for Executives: Table of Contents
I’m writing a modern book on cybersecurity for executives ~ one blog post at a time. Here’s a list of the posts I’ve written so far.
People don’t just give you respect, you have to earn it.
People don’t just give you respect, you have to earn it.
Here’s where I start to learn what it’s like to be a woman in tech and to work in Corporate America.
Exponential increases in cyber risk from Internet exposure
Exponential increases in cyber risk from Internet exposure
If you think about how breaches occur there is almost always some sort of Internet exposure involved. How many of your systems are exposed?
How to never have a public S3 bucket
How to never have a public S3 bucket
Do you ever need a public AWS S3 bucket? Not really. How security teams can make sure that never happens.
How network traffic got me into cybersecurity
How network traffic got me into cybersecurity
Also — being paid by a large hosting company to go away after reporting a security incident, and other strange events.
Cybersecurity Strategy for Executives
Cybersecurity Strategy for Executives
Strategies for executives looking for ways to deal with cybersecurity more effectively
Cybersecurity for Executives
Cybersecurity for Executives
What executives and board members need to know about cybersecurity.
Tips for recruiting cloud and security professionals
Tips for recruiting cloud and security professionals
Most experienced technical professionals will likely tell you they are contacted by recruiters more than once a month if not once per day…
CVEs: Security Bugs that Bite
CVEs: Security Bugs that Bite
What is a CVE and why is it important? Cybersecurity for Executives.
IoT Security ~ AWS 1-Click Buttons
IoT Security ~ AWS 1-Click Buttons
I mentioned in my post for the AWS Blog that I would explain later why I used an AWS IoT Button for just-in-time access to a VPN…
Why one of your favorite pen testing techniques doesn’t work on AWS
Why one of your favorite pen testing techniques doesn’t work on AWS
One of the first techniques I learned for penetration testing was something called Arp Cache Poisoning…
How a just-in-time VPN access might have helped in the case of the APT10 attacks
How a just-in-time VPN access might have helped in the case of the APT10 attacks
Just in case you missed it — I did a blog post for AWS using an AWS IoT Button to open up network access to a VPN. Sometimes people say…
A woman in tech: Where it begins
A woman in tech: Where it begins
I am a woman in tech and cybersecurity. At the moment I focus on cloud security. This is my story.
Cloud Security: Defensive Strategies
Cloud Security: Defensive Strategies
→ Keep the ball away from the attacker.
The SANS GSE
The SANS GSE
What’s it like to take one of the hardest cybersecurity certifications in the industry — and pass!
If you live in the USA, I’ve been to your state — and I’d like to come back!
If you live in the USA, I’ve been to your state — and I’d like to come back!
One day a silly little Facebook poll was going around. “How many states have you visited? Airports don’t count.” I wrote down all the…
High-risk ports: The chink in your network armor
High-risk ports: The chink in your network armor
Security is principally about managing risk. The more commonly exploited and dangerous ports you have exposed to the Internet…
20 Cybersecurity Questions for Executives to Ask Security Teams
20 Cybersecurity Questions for Executives to Ask Security Teams
Twenty cybersecurity questions executives can ask their security team to uncover problems that could lead to a data breach.