
The Top 4 SaaS Security Challenges and How To Overcome Them
Navigating the pitfalls of visibility, permissions, responsibility, and emerging threats.

How to Sign Container Images Using Cosign
A demo of signing a container image using Cosign with a locally generated Cosign key and an AWS KMS key.

Signing Software Artifacts With Cosign
Learn about the importance of signing software artifacts using Cosign to help secure the software supply chain.

SaaS Governance - A Critical Industry Need
A critical industry need that shows no signs of slowing down!


Resiliency, Cyber Risk, and Injury Prevention
There are many challenges in data-driven risk reduction. Sports Injury Prevention offers an apt analogy for discussing the mindsets involved in building resilient architectures.

“So, You’re Building a Purple Team?”
Having built and scaled Purple Team programs at every organizational level, we can tell you that no two are the same. Before you start your own, check out our tips for ensuring your team’s success.

The Benefits Of Using SaaS Security Posture Management (SSPM)
Exploring what SSPM is and the benefits of leveraging it in your security stack

Introducing KEV Bot, Our Known Exploited Vulnerabilities Bot
An introduction to Aquia's KEV notification system

Taking The New Secrets Manager Lambda Extension For a Spin
Walkthrough on using the new Lambda Extension to retrieve secrets, and comparison against using Boto3

The Importance of Internal Cloud Security Standards
Why an internal cloud security standard is important and how to create one

AWS Re:Invent 2022 Security Recap and Top 5 Releases
We collected the security-relevant AWS releases and announcements from this year's re:Invent!

Exploit Prediction Scoring System (EPSS)
A look at the Exploit Prediction Scoring System (EPSS) for vulnerability management

OWASP Software Component Verification Standard (SCVS)
A look at some of the fundamental controls for each of the SCVS levels

Book Club: Cloud Native DevOps with Kubernetes
Five Meaningful Takeaways I hope you find useful from Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus

An Incomplete Look at Vulnerability Databases & Scoring Methodologies
A look at some of the fundamental vulnerability databases and scoring methodologies currently in use in the industry

How I Passed the AWS Certified Security - Specialty Exam
Tips and recommended materials used to pass the exam.


Threat Detection on EKS – Comparing Falco and GuardDuty For EKS Protection
A comparison of Falco and GuardDuty for EKS Protection.

Psychological Safety: Easier Said than Done
Knowing is only the first step. Doing takes practice.

Psychological Safety
Learn about psychological safety, its importance, and how to foster it in your teams.

Auto Remediation with EventBridge, Step Functions, and the AWS SDK Integration
Learn how to use the AWS SDK for Step Functions to auto-remediate findings.

Supply Chain Risk Management
Supply chain security is rapidly becoming a top concern of most technology and security leaders. This article will examine some of the background, relevant efforts, incidents and best practices around securing the software supply chain.

Using Semgrep to find security issues and misconfigurations in AWS Cloud Development Kit projects
Learn how to find security issues and misconfigurations in AWS Cloud Development Kit projects with Semgrep.