The article discusses the importance of modern enterprise identity in the context of cloud-native technologies. It highlights the key building blocks of identity, including authentication, authorization, and identity governance, and emphasizes the need for a comprehensive and scalable identity solution to ensure security and compliance in the cloud.

A surprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM's Port Forwarding features.

A basic guide to getting RDS IAM Authentication set up when you're using a Private Endpoint.

Post exploring some methods that an adversary can use to create backdoors in your AWS account: access keys, AssumeRole, changing Security Groups, UserData scripts, and SSM Send-Command.

A look at how AppArmor and SELinux are used in Linux and container systems.

A security checklist to understand the basics of authentication, authorization, audit logging, and admission control of Kubernetes.

The article discusses how to build smaller Docker images for Kubernetes by using rootless and non-shell configurations. It provides step-by-step instructions and code examples to help optimize container images.

The architecture and considerable number of enabled/delegated service possibilities in AWS Organizations presents a serious vector for lateral movement within corporate environments. This could easily turn a single AWS account takeover into a multiple account takeover.

An example showing how to use the new Common Expression Language (CEL) to declare validation rules.

Gatekeeper can now integrate with Kubernetes Validating Admission Policy based on Common Expression Language (CEL).

Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. You can also refer to the companion blog post.

HashiCorp-relevant rules for the Semgrep code analysis tool.

POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF.

Securely connect to RDS and other AWS resources in a VPC with no idle cost.

This post is a deep dive into the design of Cedar, an open source language for writing and evaluating authorization policies.

How AWS developed a mechanism to scale security processes and expertise by distributing security ownership between security teams and development teams.

AWS announced further control over the location of your data.

You can now use IAM condition context keys with AWS Certificate Manager (ACM) to help ensure that users are issuing certificates that conform to your organization's public key infrastructure (PKI) guidelines.

Google announced new zero trust, digital sovereignty, and threat defense controls powered by Google AI to help organizations keep their data safe.

Visa is looking for a Security Engineer to serve as a subject matter expert and technical lead in the IAM team for various Cloud Security deployments.

Snowflake is looking for new members for their Cloud Security Assurance team, responsible for maintaining (and raising) the security bar across their production cloud environments.

Vanguard is looking for security engineers with Azure experience.

The LastPass Product Security team is looking for a Staff/Principal Cloud Security Engineer candidate to join their team and help them ensure the privacy and security of their company and user's data.