Tributary

01 May 2025

A FedRAMP focused guide when developing in Python

06 June 2024

Effective SaaS Governance. A view into how Snowflake can remain safe.

03 June 2024

A snapshot into various risks posed by modern AI technologies

03 June 2024

A look at how the NSA’s guidance aims to simplify incorporating Zero Trust principles into enterprise networks

31 May 2024

Exploring what this buzzword means and how it can lay the foundation for a more effective security practice when approached correctly

28 May 2024

The CMS SEAS IT AI contract is a forward-thinking blueprint for the future of government healthcare systems. Learn more about the top five reasons why it's a contract to watch.

24 May 2024

Switch to Alpine Linux to reduce CVEs!

22 May 2024

How apprenticeships can help us close the cyber employment gap and help us win the cyber war

21 May 2024

Learn more about changes driven by an updated FedRAMP roadmap, RFQ for a GRC solution, and pen testing guidance for public comment.

15 May 2024

After nearly two years of waiting, NIST SP 800-171 Revision 3 is final. Here are the major changes to consider.

13 May 2024

Unlock the key to selecting the right service provider for your FedRAMP ConMon needs. Explore the 10 essential questions to ask, empowering you to evaluate effectiveness and ensure compliance.

09 May 2024

FedRAMP Governing Body Making Major Changes

08 May 2024

How and why product-based paradigms drive valuable outcomes for organizations.

02 May 2024

A Fresh Federal Perspective at Axonius Adapt and How it Impacts Zero Trust Security

04 April 2024

Aquia and AWS hosted the 2024 Cloud Compliance Summit on March 19. Looking for an overview of the topics discussed? We've got you covered!

26 March 2024

Breaking down CSA’s new CCZT exam, and it’s utility as a resource for GRC practitioners and technical security operators looking to learn more about Zero Trust

08 March 2024

Navigating the FedRAMP Equivalency Memo and DoD Regulations

26 February 2024

Principal Security Engineer Dakota Riley dives into the GitHub Advisory Database, cross referencing with other data sources and looking for interesting trends

23 February 2024

Know when SaaS-to-SaaS crosstalk has crossed the line.

05 February 2024

A walkthrough of Hack The Box's Sau

02 February 2024

16 things to look for when evaluating SBOM tooling.

24 January 2024

Assessing the impact and process of threat modeling workloads in AWS

18 January 2024

Exploring the important role of a criticality analysis in evolving the security posture of organizations, from a traditional and zero trust-focused perspective.

16 January 2024

Understanding the FedRAMP Authorization & DoD Impact Levels, and how they align

05 January 2024

Authentication, Authorization, and Accounting

22 December 2023

A review of security concerns relating to runners for GitHub Actions, and how you can securely manage your own self-hosted runners on Amazon ECS with Fargate.

11 December 2023

Steps I took to prepare for the CISSP exam.

07 December 2023

Navigating the pitfalls of visibility, permissions, responsibility, and emerging threats.

03 December 2023

A recap of the releases from around Re:Invent!

28 November 2023

Gap Assessments - Applicable to systems, and personal growth!

17 November 2023

Challenges to breaking into cybersecurity, and how one career-pivoter overcame them

13 November 2023

A recap of the talk-turned-workshop I presented at the inaugural Threat Modeling Convention (ThreatModCon).

30 October 2023

Aquia President Chris Hughes in this article breaks down the recently published Modernizing FedRAMP Memo from the Office of Manangement and Budget (OMB) and discusses key implications for the future of FedRAMP and its impact on the Federal and commercial cloud markets

19 October 2023

Aquia GRC Apprentice Elif Sumner writes about her experience attending the Women in Cyber (WiCyS) conference

11 October 2023

Breaking into cybersecurity as a career-pivoting woman with a non-technical background

31 August 2023

An open-source tool to kickstart runbook creation

15 August 2023

Why a CSP should make a significant investment into FedRAMP authorization

30 July 2023

Principal Security Engineer Dakota Riley writes about contributing CISA KEV Enrichment Tables to Matano

18 July 2023

A recap of re:Inforce and Aquia's team members' experience

29 June 2023

A walkthrough of Hack The Box's Soccer

22 May 2023

A walkthrough of Hack The Box's Precious

26 April 2023

An open-source service control policies management tool

25 April 2023

A demo of signing a container image using Cosign with a Cosign locally generated key and an AWS KMS key.

25 April 2023

Learn about the importance of signing software artifacts using Cosign to help secure the software supply chain.

27 March 2023

A critical industry need that shows no signs of slowing down!

20 March 2023

There are many challenges in data-driven risk reduction. Sports Injury Prevention offers an apt analogy for discussing the mindsets involved in building resilient architectures.

22 February 2023

Having built and scaled Purple Team programs at every organizational level, we can tell you that no two are the same. Before you start your own, check out our tips for ensuring your team’s success.

08 February 2023

Exploring what SSPM is and the benefits of leveraging it in your security stack

11 January 2023

An introduction to Aquia's KEV notification system

01 January 2023

Walkthrough on using the new Lambda Extension to retrieve secrets, and comparison against using Boto3

21 December 2022

Why an internal cloud security standard is important and how to create one

04 December 2022

We collected the security relevant AWS releases and announcements from this years reinvent!

03 November 2022

We're proud to share an update to Aquia's company values

20 October 2022

A look at the Exploit Prediction Scoring System (EPSS) for vulnerability management

04 October 2022

A look at some of the fundamental controls for each of the SCVS levels

26 September 2022

Five Meaningful Takeaways I hope you find useful from Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus

29 August 2022

A look at some of the fundamental vulnerability databases and scoring methodologies currently in use in the industry

28 June 2022

How To Plan And Prioritize Your Day

17 May 2022

Tips and recommended materials used to pass the exam.

06 May 2022

A comparison of Falco and GuardDuty for EKS Protection.

22 April 2022

Knowing is only the first step. Doing takes practice.

06 April 2022

Learn about psychological safety, its importance, and how to foster it in your teams.

11 March 2022

Learn how to use the AWS SDK for Step Functions to auto-remediate findings.

06 March 2022

Supply chain security is rapidly becoming a top concern of most technology and security leaders. This article will examine some of the background, relevant efforts, incidents and best practices around securing the software supply chain.

18 February 2022

Learn how to find security issues and misconfigurations in AWS Cloud Development Kit projects with Semgrep.

11 February 2022

Aquia's Mission Description.

04 February 2022

Today I wanted to take some time to reflect on our culture, our values, and our mission.