How the Segment Security Engineering Team approaches access to AWS/GCP roles and SaaS apps, and how they implemented a time-based, peer-reviewed access.

Security teams cannot simply rely on the AWS account boundary to limit access between environments. Instead, they must carefully audit IAM policies, resource policies, Organization membership, RAM shares, service-level integrations, and sometimes combinations of one of more of these options, in order to properly evaluate how data from one account is being sent to others.

You can scale your SOC and improve quality. Seems impossible? Not if you know how and what to measure. The crew that helped build Expel's SOC explain how they pulled it off.

Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges.

A detailed guide to help you to ensure that only signed images can get deployed on a cluster.

Ransomware targeting S3 is more than likely to simply delete your data and claim that it's being held ransom than actually encrypting it.

Detect intrusions that happened in your Kubernetes cluster through audit logs using Falco.

The Docker image format is a lot more transparent than it could be. A little detective work is needed, but a lot can be figured out just by pulling apart an image file.

In companies with high security constraints, it might be needed to install a Kubernetes cluster on machines without any internet access. This article shows how k0s manages air-gapped installations.

Deep dive into what package management vulnerabilities in the world of Ansible look like.

Quite a few patterns on how to safely use Docker Compose.

Lambda Containers are a great fit for performing tasks that require elevated privileges, especially if AWS IAM can control access. Running tasks with elevated privileges in an ephemeral manner is great for security, since there's nothing constantly running with that access.

kpexec is a kubernetes cli that runs commands in a container with high privileges.

A kubectl plugin for pushing OCI images through the Kubernetes API server.

KubeVela is a modern application platform that simplifies deploying and managing applications, based on Kubernetes and OAM.

RollingUpgrade provides a Kubernetes native mechanism for doing rolling-updates of instances in an AutoScaling group using a CRD and a controller.

A library of rules for Conftest used to detect misconfigurations within Terraform configuration files.

How to plan and deploy a PKI that enables certificates to be issued across a hybrid (cloud & on-premises) environment with a common root.

How to integrate AWS Control Tower, AWS SSO, and Okta as an external identity provider so that you can manage users, entitlements, accounts, and roles in Okta.

How to automatically scan for vulnerabilities in cross-account workloads on AWS.

Walkthrough oh how to set up a completely serverless Jenkins environment on AWS Fargate using Terraform.

Google Cloud's application development and continuous integration/continuous delivery (CI/CD) tools.

A set of open-source tools from Google Cloud Professional Services that provide export, analytics and reporting capabilities for multiple use-cases.