Advanced AWS Security Architecture

Most articles on AWS security rightfully spend a lot of time talking about the basics, such as setting up minimized IAM roles, encrypting data, and basic monitoring. It is more difficult to find guidance and specific implementation recommendations on advanced, automated security configurations. In this series of articles, I will

Deploying Docker Securely

Docker is a fantastic piece of technology for teams. Some time ago, I published a series of articles on building a docker security program, which covers doing a threat assessment, image static and runtime analysis, and overall container patching and maintenance. I was asked recently about deployment security, which was

Empathizing With Threat Actors

Empathy is a powerful tool in human relationships, but often it seems to be disregarded when talking about more technical realms such as security. Sometimes even talking about empathizing with a threat actor causes discord: throughout history, empathizing with an enemy has often been seen by the masses at best