Technical Blog
Developing with Python in Regulated Environments (FedRAMP Edition)
A FedRAMP-focused guide to developing in Python
❄️ Snowflake Safe. The Importance of SaaS Governance
Effective SaaS Governance. A view into how Snowflake can remain safe.
Do you have Container Base Image CVEs? Switch to Alpine Linux to reduce CVEs!
Switch to Alpine Linux to reduce CVEs!
How I Passed the New CSA Certificate of Competence in Zero Trust (CCZT) Exam, and Why You Should Take It Too
Breaking down CSA’s new CCZT exam, and its utility as a resource for GRC practitioners and technical security operators looking to learn more about Zero Trust
Exploring the GitHub Advisory Database for Fun and (No) Profit
Principal Security Engineer Dakota Riley dives into the GitHub Advisory Database, cross-referencing with other data sources and looking for interesting trends
Has Your SaaS Gotten Sassy? Know When Your SaaS-to-SaaS Interconnections Have Gotten Too Loquacious
Know when SaaS-to-SaaS crosstalk has crossed the line.
Who Dropped the SBOM 💣? How to Size-Up Tooling in an Inchoate Space
16 things to look for when evaluating SBOM tooling.
Wait, I Needed That: Criticality Analysis
Exploring the important role of a criticality analysis in evolving the security posture of organizations, from a traditional and zero trust-focused perspective.
Cybersecurity Meets Pareto - The Three A's (AAA)
Authentication, Authorization, and Accounting
I Sat for the CISSP Exam. I Passed. Here's How.
Steps I took to prepare for the CISSP exam.
The Top 4 SaaS Security Challenges and How To Overcome Them
Navigating the pitfalls of visibility, permissions, responsibility, and emerging threats.
Aquia Open Source Contributions - Adding a CISA KEV Enrichment Table to Matano
Principal Security Engineer Dakota Riley writes about contributing CISA KEV Enrichment Tables to Matano
Resiliency, Cyber Risk, and Injury Prevention
There are many challenges in data-driven risk reduction. Sports Injury Prevention offers an apt analogy for discussing the mindsets involved in building resilient architectures.
So, You’re Building a Purple Team?
Having built and scaled Purple Team programs at every organizational level, we can tell you that no two are the same. Before you start your own, check out our tips for ensuring your team’s success.
Introducing KEV Bot, Our Known Exploited Vulnerabilities Bot
An introduction to Aquia's KEV notification system
Taking The New Secrets Manager Lambda Extension For a Spin
Walkthrough on using the new Lambda Extension to retrieve secrets, and comparison against using Boto3
The Importance of Internal Cloud Security Standards
Why an internal cloud security standard is important and how to create one
