Breaking down CSA’s new CCZT exam, and it’s utility as a resource for GRC practitioners and technical security operators looking to learn more about Zero Trust

Aquia 2/26/24 Aquia 2/26/24

Exploring the GitHub Advisory Database for Fun and (No) Profit

Principal Security Engineer Dakota Riley dives into the GitHub Advisory Database, cross referencing with other data sources and looking for interesting trends

Aquia 2/23/24 Aquia 2/23/24

Has Your SaaS Gotten Sassy? Know When Your SaaS-to-SaaS Interconnections Have Gotten Too Loquacious

Know when SaaS-to-SaaS crosstalk has crossed the line.

Aquia 2/2/24 Aquia 2/2/24

Who Dropped the SBOM 💣? How to Size-Up Tooling in an Inchoate Space

16 things to look for when evaluating SBOM tooling.

Aquia 1/24/24 Aquia 1/24/24

The Importance of Threat Modeling for Building Secure Workloads in AWS

Assessing the impact and process of threat modeling workloads in AWS

Aquia 1/18/24 Aquia 1/18/24

Wait, I Needed That: Criticality Analysis

Exploring the important role of a criticality analysis in evolving the security posture of organizations, from a traditional and zero trust-focused perspective.

Aquia 1/5/24 Aquia 1/5/24

Cybersecurity Meets Pareto - The Three A's (AAA)

Authentication, Authorization, and Accounting

Aquia 12/22/23 Aquia 12/22/23

Secure Self-Hosted Runners for GitHub Actions Leveraging Amazon ECS

A review of security concerns relating to runners for GitHub Actions, and how you can securely manage your own self-hosted runners on Amazon ECS with Fargate.

Aquia 12/11/23 Aquia 12/11/23

I Sat for the CISSP Exam. I Passed. Here's How.

Steps I took to prepare for the CISSP exam.

Aquia 12/7/23 Aquia 12/7/23

The Top 4 SaaS Security Challenges and How To Overcome Them

Navigating the pitfalls of visibility, permissions, responsibility, and emerging threats.

Technical Blog

Benefits of Reverse Engineering Malware

Credential Harvesting URLs

Malware Using the Process Environment Block For Anti-Debugging

Container Security Best Practices

Developing with Python in Regulated Environments (FedRAMP Edition)

❄️ Snowflake Safe. The Importance of SaaS Governance

Breaking Down the NSA’s Guidance on Zero Trust Implementations for the Applications and Workloads Pillar

Don't get stung!🐝 A Peek Into Emerging Risks In AI Technologies and Organizational Strategies For Mitigation

Do you have Container Base Image CVEs? Switch to Alpine Linux to reduce CVEs!

How I Passed the New CSA Certificate of Competence in Zero Trust (CCZT) Exam, and Why You Should Take It Too

Exploring the GitHub Advisory Database for Fun and (No) Profit

Who Dropped the SBOM 💣? How to Size-Up Tooling in an Inchoate Space

Wait, I Needed That: Criticality Analysis

Cybersecurity Meets Pareto - The Three A's (AAA)

I Sat for the CISSP Exam. I Passed. Here's How.

The Top 4 SaaS Security Challenges and How To Overcome Them

Looking for additional technical content? Check out our archived Tributary Technical Blog.