Cloud Security

Leveraging EC2 IAM role profiles with the AWS Python SDK

Why is my security team bugging me?

Remember to consider cybersecurity risk!

Risk mitigation comes down to trade-offs and personal choices

A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

Optimizing the model for better results and turning corners

The risk associated with inclusion of externally-hosted code on websites and how to mitigate it

Applying ML to autonomous cars and security problems

Highly technical women doing amazing things in tech

HIDS, HIPS, NIDS, NIPS — what’s the difference, and why does it matter?

Give me all your cookies! OK.

Security is principally about managing risk. The more commonly exploited and dangerous ports you have exposed to the Internet…

What did you do with that penetration test, audit, assessment, or bug bounty report?

I’m writing a modern book on cybersecurity for executives ~ one blog post at a time. Here’s a list of the posts I’ve written so far.

Most experienced technical professionals will likely tell you they are contacted by recruiters more than once a month if not once per day…

Why your current cybersecurity policies are probably ineffective

How AWS re:Invent 2014 GameDay got me started

Step by step approach to using Zoom on Amazon Workspaces

One of the first techniques I learned for penetration testing was something called Arp Cache Poisoning…

Limited resources and new to security — where do I start?

Credentials for cloud penetration tests and security assessments

Sample Findings from 2nd Sight Lab Penetration Tests

→ Keep the ball away from the attacker.

How I learned DevSecOps, helped two companies move to cloud, built a secure CI/CD pipeline, authored and now teach cloud security classes

Zooming in the cloud for potentially improved security

Steps by step instructions to connect to an AWS EC2 Instance from a Google Chromebook

Do you ever need a public AWS S3 bucket? Not really. How security teams can make sure that never happens.

Getting girls interested in cloud, programming, and security

Thoughts on the Capital One breach by a former Capital One software engineer, team lead, cloud engineer, and security employee

When encryption at rest won’t come to the rescue.