High Signal Security
2024
May 15, 2024
🔗 [tl;dr sec] Wiring a Winning Security Organization
May 13, 2024
*AST and *SPM: Acquisition Magnets
May 01, 2024
🔗 [tl;dr sec] open source - prompt-injection-defenses
April 29, 2024
Semgrep for Terraform Security
April 25, 2024
Intentionally Leaking AWS Access Keys - GitLab
April 24, 2024
🔗 Security is a Team Sport
April 21, 2024
10 Things Your First Security Hire Shouldn’t Do
April 10, 2024
🔗 [tl;dr sec] open source - awesome-secure-defaults
April 10, 2024
🔗 [Guest Post] Venture in Security - Customer love
April 01, 2024
Deciding on S3 Intelligent Tiering
February 25, 2024
The state of ABAC on AWS (in 2024)
February 14, 2024
Did your research: Prior Art for "15 ideas for cloud security research"
2023
December 09, 2023
Steampipe + Access Advisor
December 05, 2023
Quick Tip: Minimizing Terraformed SCPs
November 07, 2023
A History of Human Interaction Proofs
October 20, 2023
AWS SES Verification Phishing: A Fifth Way
August 03, 2023
Risk in AWS SSM Port Forwarding
July 25, 2023
Shipping RDS IAM Authentication (with a bastion host & SSM)
July 10, 2023
🔗 How to securely build product features using AI APIs
April 29, 2023
🔗 BSidesSF 2023 Panel (video)
March 29, 2023
A Guide to S3 Logging
March 07, 2023
Reducing Attack Surface with AWS Allowlisting
January 18, 2023
🔗 Startup Security Starter Pack
January 18, 2023
🔗 AWS Lambda Risks and Threats
January 17, 2023
AWS Could Do More About SSO Device Auth Phishing
2022
December 24, 2022
AWS Phishing: Four Ways
December 22, 2022
🔗 Datadog Security Labs: A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins
December 06, 2022
🔗 tldrsec: StaffEng Security Stories
December 06, 2022
🔗 tldrsec: Buying Security
November 23, 2022
🔗 Breach List Database
July 31, 2022
Removing sensitive data from a Github repository
June 04, 2022
Buying Security: Bibliography
May 15, 2022
OWASP DevSlop: AWS (Customer) Security Incidents [2022]
February 03, 2022
Cedar: Defining Cedar's Security Values
2021
August 24, 2021
tl;dr sec: Cloud Security Orienteering
August 08, 2021
DEF CON Cloud Village 2021: Cloud Security Orienteering
2020
November 14, 2020
BSidesCT 2020: Learning from AWS (Customer) Security Incidents
September 26, 2020
BSides Boston 2020: AWS Security - Easy Wins and Enterprise Scale
August 18, 2020
An AWS IAM Security Tooling Reference
July 11, 2020
An offensive guide to the Authorization Code grant
July 03, 2020
Path to CCSK: Security Guidance v4 (Domains 1-7)
July 02, 2020
Path to CCSK: ENISA
April 28, 2020
Brandeis MS in Information Security Leadership
April 28, 2020
The Extended AWS Security Ramp-Up Guide
April 18, 2020
$ git blame 4: Quitten/Autorize
2019
November 09, 2019
BSidesCT 2019: Building Castles in the Cloud: AWS Security and Self-Assessment
October 28, 2019
sadcloud: Templating cloud misconfigurations
October 20, 2019
BASC 2019: AWS Cloud Security Fundamentals
July 31, 2019
Hardening Enterprise Chromebooks Part 3: Chrome Browser Configuration
July 31, 2019
Hardening Enterprise Chromebooks Part 2: ChromeOS Hardening
July 29, 2019
Hardening Enterprise Chromebooks Part 1: Baseline Security Posture
July 19, 2019
One Thousand Misspelled Security Headers
2017
December 07, 2017
Methodology: Learn Android Application Security Testing
December 06, 2017
$ git blame 3: MobSF/Mobile-Security-Framework-MobSF
December 06, 2017
$ git blame 1: michenriksen/bucketlist
December 06, 2017
$ git blame 2: michenriksen/aquatone