Posts by Category

security

A History of Human Interaction Proofs

7 minute read

On Sequoia Capital’s Crucible Moments podcast, Paypal co-founder Max Levchin recounted the company’s early struggle to combat fraud. Their breakthrough came ...

Risk in AWS SSM Port Forwarding

4 minute read

I recently stumbled on a surprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM’s Port Forwa...

A Guide to S3 Logging

7 minute read

12/13/23: This post has been updated with details on leveraging Date Partitioning. 11/20/23: AWS has launched Data Partitioning for S3 Access Logs. I strongly...

🔗 Breach List Database

less than 1 minute read

A meta-database collecting resources that compile lists of (security) incidents

Buying Security: Bibliography

14 minute read

On June 4th, 2022 - I gave the talk “Buying Security: A Client’s Guide” at BSidesSF. I simultaneously released a guide on the same topic over on tldrsec. Bot...

tl;dr sec: Cloud Security Orienteering

less than 1 minute read

On August 23rd, 2021, I published a version of my Cloud Security Orienteering DEFCON Cloud Village talk with my friend Clint Gibler over at tl;dr sec. For po...

An AWS IAM Security Tooling Reference

4 minute read

Identity and Access Management (IAM) is a cornerstone of security. AWS IAM is the cloud provider’s native service for securely managing access to AWS resourc...

Path to CCSK: ENISA

8 minute read

The CCSK is the Cloud Security Alliance’s Certificate of Cloud Security Knowledge. It is one of the top two cloud-agnostic security certifications, along wit...

BASC 2019: AWS Cloud Security Fundamentals

1 minute read

On October 19th, 2019, I gave a 4-hour workshop at Boston Application Security Conference (BASC), with my coworker Josh Dow (@0xJDow). The details are record...

cloudsec

Risk in AWS SSM Port Forwarding

4 minute read

I recently stumbled on a surprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM’s Port Forwa...

A Guide to S3 Logging

7 minute read

12/13/23: This post has been updated with details on leveraging Date Partitioning. 11/20/23: AWS has launched Data Partitioning for S3 Access Logs. I strongly...

tl;dr sec: Cloud Security Orienteering

less than 1 minute read

On August 23rd, 2021, I published a version of my Cloud Security Orienteering DEFCON Cloud Village talk with my friend Clint Gibler over at tl;dr sec. For po...

An AWS IAM Security Tooling Reference

4 minute read

Identity and Access Management (IAM) is a cornerstone of security. AWS IAM is the cloud provider’s native service for securely managing access to AWS resourc...

BASC 2019: AWS Cloud Security Fundamentals

1 minute read

On October 19th, 2019, I gave a 4-hour workshop at Boston Application Security Conference (BASC), with my coworker Josh Dow (@0xJDow). The details are record...

syndicated

tl;dr sec: Cloud Security Orienteering

less than 1 minute read

On August 23rd, 2021, I published a version of my Cloud Security Orienteering DEFCON Cloud Village talk with my friend Clint Gibler over at tl;dr sec. For po...

development

talks

BASC 2019: AWS Cloud Security Fundamentals

1 minute read

On October 19th, 2019, I gave a 4-hour workshop at Boston Application Security Conference (BASC), with my coworker Josh Dow (@0xJDow). The details are record...

ccsk

Path to CCSK: ENISA

8 minute read

The CCSK is the Cloud Security Alliance’s Certificate of Cloud Security Knowledge. It is one of the top two cloud-agnostic security certifications, along wit...

masters