Best practices for managing secrets when building and deploying applications.

CloudFormation templates and walk-through to setup detailed security logging in multiple AWS accounts, centralized into a security account.

Setup and use System and Session Manager to replace bastion hosts for SSH and RDS tunnels. Automate security tasks on servers with automation documents.

A series of articles implementing advanced security controls on AWS, leveraging build in aws security tooling and security best practices.

Common docker deployment pitfalls and how to mitigate them when deploying a container to infrastructure you control.

A description of each security header, why it is important, and how to configure your website in a secure way.

Setup a continuous integration pipeline with automated ZAP scanning on a vulnerable application. A complete guide.

Walkthrough setting up Jenkins, SonarQube, and Dependency check with an out of the box docker configuration for rapid startup.

A roadmap for automating security tooling and integrating with agile development teams to improve security outcomes.

Let's walk through setting up a modern application security program from scratch, starting with the high level strategy and metrics.