Technical Blog
Understanding the Importance of Gap Assessments as a Governance, Risk, and Compliance Apprentice
Gap Assessments - Applicable to systems, and personal growth!
Announcing the Amazon GuardDuty Runbook Generator
An open-source tool to kickstart runbook creation
Aquia Open Source Contributions - Adding a CISA KEV Enrichment Table to Matano
Principal Security Engineer Dakota Riley writes about contributing CISA KEV Enrichment Tables to Matano
SaaS Governance - A Critical Industry Need
A critical industry need that shows no signs of slowing down!
Resiliency, Cyber Risk, and Injury Prevention
There are many challenges in data-driven risk reduction. Sports Injury Prevention offers an apt analogy for discussing the mindsets involved in building resilient architectures.
So, You’re Building a Purple Team?
Having built and scaled Purple Team programs at every organizational level, we can tell you that no two are the same. Before you start your own, check out our tips for ensuring your team’s success.
Introducing KEV Bot, Our Known Exploited Vulnerabilities Bot
An introduction to Aquia's KEV notification system
Taking The New Secrets Manager Lambda Extension For a Spin
Walkthrough on using the new Lambda Extension to retrieve secrets, and comparison against using Boto3
The Importance of Internal Cloud Security Standards
Why an internal cloud security standard is important and how to create one
AWS Re:Invent 2022 Security Recap and Top 5 Releases
We collected the security relevant AWS releases and announcements from this years reinvent!
Exploit Prediction Scoring System (EPSS)
A look at the Exploit Prediction Scoring System (EPSS) for vulnerability management
OWASP Software Component Verification Standard (SCVS)
A look at some of the fundamental controls for each of the SCVS levels
Book Club: Cloud Native DevOps with Kubernetes
Five Meaningful Takeaways I hope you find useful from Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus
An Incomplete Look at Vulnerability Databases & Scoring Methodologies
A look at some of the fundamental vulnerability databases and scoring methodologies currently in use in the industry
How I Passed the AWS Certified Security - Specialty Exam
Tips and recommended materials used to pass the exam.
Threat Detection on EKS – Comparing Falco and GuardDuty For EKS Protection
A comparison of Falco and GuardDuty for EKS Protection.
Auto Remediation with Eventbridge, Step Functions, and the AWS SDK Integration
Learn how to use the AWS SDK for Step Functions to auto-remediate findings.