Christopher Hughes (@resilientcyber) 's Twitter Profile
Christopher Hughes

@resilientcyber

Cloud Security Leader | Cybersecurity Professor | Board Advisor | DevSecOps Advocate

ID: 1266032610540748801

28-05-2020 15:44:39

896 Tweet

428 Followers

144 Following

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

A good article discussing #kuberenets Role-Based Access Control (RBAC). RBAC is a key aspect of securing Kubernetes clusters and the workloads running on top of them. This article walks through two different user examples, incl…lnkd.in/eGbCk3WK lnkd.in/eUxifDQU

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

In one of my latest articles with Acceleration Economy I discuss some of the challenges of Identity and Access Management (IAM) in Multi-Cloud environments. I touch on: - Permissions and Access Control in Multi-Cloud - Facilita…lnkd.in/e9fNF3qT lnkd.in/eTaXmV9c

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Business/Developers: Security is causing us too much friction. The friction: #cybersecurity #business #software lnkd.in/eEyxmspv

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

In one of my latest articles with Acceleration Economy I discuss some of the challenges of Identity and Access Management (IAM) in Multi-Cloud environments. I touch on: - Permissions and Access Control in Multi-Cloud - Facilitat…lnkd.in/ea2vgKP6 lnkd.in/eTaXmV9c

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Shout out to my friend AJ Yawn In the world that is the facade of social media, AJ has always kept his founders journey entirely transparent. The good the bad, the wins the losses, the joy the stresses - the toll. We need more authenticity in this s…lnkd.in/g-wA8byw

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Software has, and is, changing the world. It’s changed the way we produce and deliver goods and services. It’s changed how we interact with clients, customers and partners. It’s changed the way we interact inside and across businesses. It’s even cha…lnkd.in/gckRgNQQ

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Another excellent whitepaper from the GitGuardian team, once again not behind an email signup or anything either. This one focuses on Protecting the Modern Software Factory and focuses on next steps for DevOps, Challenges to Overcome and the Shared Secur…lnkd.in/gDwV3fbh

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

It’s a day of the year where I have to admit to my IT/Cyber peers that I’ve never seen Star Wars I’m sorry to let you all down. #cyber #starwars

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

National Institute of Standards and Technology (NIST) has just released the final version of 800-161 r1 "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations". This guidance comes at a critical time, as the software supply c…lnkd.in/gYd3WTMN

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

I'm a big fan of excellent writing and articles and War on the Rocks puts out some great ones. That's why I was excited to see them publish an article on the Open Source Software (OSS) and Software Supply Chain challenges, and it…lnkd.in/gyyRG9dR lnkd.in/ghGA_RjW

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Yes, another Software Supply Chain Security post today, no I'm not sorry. -- "The Office of Management and Budget is preparing to release new requirements around software supply chain and cybersecurity, according to a top federal…lnkd.in/gBb4_3qb lnkd.in/gQT8DksU

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

About a month ago I had the chance to join NDIA New England to speak on a panel titled "Zero Trusts Given" with Dave Lago, Patrick Perry and moderator Ryan Heidorn The recording for our talk, which starts at the 1 hour 45 minute mark, along with the rest…lnkd.in/gkBNtyW2

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Awesome article comparing Falco and GuardDuty for Amazon Web Services (AWS) EKS Threat Detection by two of my colleagues Dustin Whited and Dakota Riley They discuss: - Kubernetes adoption - Shared Responsibility Model in the con…lnkd.in/gXne_NKX lnkd.in/gvZAFiav

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Excellent article discussing the value and shortfalls of SBOMs for software supply chain security and how coupling SBOM with SLSA helps fill some gaps. It touches on: - Responding to build tampering attacks such as SolarWinds an…lnkd.in/g95rje8z lnkd.in/gd3wz-ZJ

Mark Manning (@antitree) 's Twitter Profile Photo

PyPI package "keep" used a malicious version of "requests" as a dependency. It was used to steal passwords. These attacks keep coming. bleepingcomputer.com/news/security/…

William Toll (@utollwi) 's Twitter Profile Photo

The Elusive Built-in not Bolted-on: A look at CISA's "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default" publication via Christopher Hughes

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

“It’s important to influence designers of future computers and software so that security controls can be installed before the fact and as an integral part of the system”

Christopher Hughes (@resilientcyber) 's Twitter Profile Photo

Public Service Announcement (PSA). Free and Open Source Software (FOSS) contributors/maintainers are not your suppliers. That is all.