Your 2021 Cloud Security Recommendations (Assuming 2020 Ever Ends) 2020. So THAT just happened. When it comes to cloud security, 2020 was like pouring rocket fuel onto a gasoline fire; our three…

The Tragedy of Security Dies on the Crucible of DevOps Security ain’t what it used to be. Or perhaps it’s always been this way and it merely seems different due…

Advanced Techniques for Defending AWS ExternalIDs and Cross-Account AssumeRole Access Last month Kesten Broughton at Praetorian Security released some great research on third party cloud security products using Amazon’s preferred…

The Overly-Complex Way CloudTrail and CloudWatch Events Work Together One of the most vexing issues in my cloud journey has been understanding how CloudTrail and CloudWatch Events work together. For…

Over the past year I’ve seen a huge uptick in interest for concrete advice on handling security incidents inside the cloud, with cloud native techniques. As organizations move their production…

We are working on our threat models here at DisruptOps, so I decided to refresh my knowledge of different approaches. One thing that quickly stood out is that nearly none…

A Security Pro’s Cloud Automation Journey Catch me at a conference and the odds are you will overhear my saying “cloud security starts with architecture and ends with automation.” I…

In Quick and Dirty: Building an S3 guardrail with Config we highlighted one of the big problems with Config: you need to set it up in each region of each account. Your…

If you see me speaking about cloud it’s pretty much guaranteed I’ll eventually say “Cloud security starts with architecture and ends with automation.” I’m nothing if not repetitive. This isn’t…