The Evolution of DevSecOps

The DevOps methodology offers organizations of all sizes from across all industries a framework for delivering value and responsiveness. Instead of traditional distinct development and operations teams, DevOps embraces multidisciplinary teams that use efficient practices that support continuous...

DNS as Code

Infrastructure as Code IaC and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites...

DNS as Code

Infrastructure as Code IaC and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites. Code repositories, build servers, and configuration management systems are now industry standards, as these tool...

trivy-action

Trivy Action GitHub Actionhttps://github.com/features/ac...

Integrate Security Into DevOps and IaC

This article provides recommendations on implementing security into your CI/CD and infrastructure as code pipeline, and most importantly, how to enable both security and DevOps to start speaking each other’s languages...

Principles of a Cloud Migration – Security W5H – The WHERE

“Wherever I go, there I am” -Security I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward. It’s one of my favorite conversations to have since I’m not jus...

Podcast: Shifting Cloud Security Left With Infrastructure-as-Code

Companies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to Google Cloud. Infrastructure-as-Code IaC security capabilities can help companies shift their cloud security “left” to improve developer productivity, avoid...

Shift Well-Architecture Left. By Extension, Security Will Follow

A story on how Infrastructure as Code can be your ally on Well-Architecting and securing your Cloud environment By Raphael Bottino, Solutions Architect -- first posted as a medium article Using Infrastructure as CodeIaC for short is the norm in the Cloud. CloudFormation, CDK, Terraform, Serverles...

BinaryAlert - Serverless, Real-time & Retroactive Malware Detection

BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...