Tributary

Dakota Riley
26 February 2024

Exploring the GitHub Advisory Database for fun and (no) profit

Principal Security Engineer Dakota Riley dives into the GitHub Advisory Database, cross-referencing it with other data sources and looking for interesting trends

Will Lindsey
05 February 2024

Hack The Box Sau Walkthrough

A walkthrough of Hack The Box's Sau

Maril Vernon
24 January 2024

The Importance of Threat Modeling for Building Secure Workloads in AWS

Assessing the impact and process of threat modeling workloads in AWS

Mack Wartenberger
Jeff Bond
18 January 2024

Wait, I Needed That: Criticality Analysis

Exploring the important role of a criticality analysis in evolving the security posture of organizations, from a traditional and zero trust-focused perspective.

Kalid Tarapolsi
16 January 2024

A Guide to FedRAMP Levels and DoD Impact Levels for CSPs

Understanding the FedRAMP Authorization & DoD Impact Levels, and how they align

Eric Rippetoe
05 January 2024

Cybersecurity Meets Pareto - The Three A's (AAA)

Authentication, Authorization, and Accounting

Richard A. Jones
22 December 2023

Secure Self-Hosted Runners for GitHub Actions Leveraging Amazon ECS

A review of security concerns relating to runners for GitHub Actions, and how you can securely manage your own self-hosted runners on Amazon ECS with Fargate.

Daniel Wallace
11 December 2023

I Sat for the CISSP Exam. I Passed. Here's How.

Steps I took to prepare for the CISSP exam.

David Galiata
07 December 2023

The Top 4 SaaS Security Challenges and How To Overcome Them

Navigating the pitfalls of visibility, permissions, responsibility, and emerging threats.

Lloyd Evans
Maril Vernon
Dustin Whited
18 July 2023

AWS re:Inforce re:Cap

A recap of re:Inforce and Aquia's team members' experience

Will Lindsey
29 June 2023

Hack The Box Soccer Walkthrough

A walkthrough of Hack The Box's Soccer

Will Lindsey
22 May 2023

Hack The Box Precious Walkthrough

A walkthrough of Hack The Box's Precious

Dustin Whited
26 April 2023

Announcing SCPkit!

An open-source service control policies management tool

Mario Lunato
25 April 2023

How to Sign Container Images Using Cosign

A demo of signing a container image using Cosign, first with a locally generated Cosign key and then with an AWS KMS key.

Mario Lunato
25 April 2023

Signing Software Artifacts With Cosign

Learn about the importance of signing software artifacts using Cosign to help secure the software supply chain.

Chris Hughes
27 March 2023

SaaS Governance - A Critical Industry Need

A critical industry need that shows no signs of slowing down!

Lloyd Evans
Mack Wartenberger
20 March 2023

Resiliency, Cyber Risk, and Injury Prevention

There are many challenges in data-driven risk reduction. Sports Injury Prevention offers an apt analogy for discussing the mindsets involved in building resilient architectures.

Maril Vernon
22 February 2023

“So, You’re Building a Purple Team?”

Having built and scaled Purple Team programs at every organizational level, we can tell you that no two are the same. Before you start your own, check out our tips for ensuring your team’s success.

David Galiata
08 February 2023

The Benefits Of Using SaaS Security Posture Management (SSPM)

Exploring what SSPM is and the benefits of leveraging it in your security stack

Will Lindsey
11 January 2023

Introducing KEV Bot, Our Known Exploited Vulnerabilities Bot

An introduction to Aquia's KEV notification system

Dakota Riley
01 January 2023

Taking The New Secrets Manager Lambda Extension For a Spin

Walkthrough on using the new Lambda Extension to retrieve secrets, and comparison against using Boto3

Dustin Whited
21 December 2022

The Importance of Internal Cloud Security Standards

Why an internal cloud security standard is important and how to create one

Dakota Riley
04 December 2022

AWS Re:Invent 2022 Security Recap and Top 5 Releases

We collected the security-relevant AWS releases and announcements from this year's re:Invent!

John Sasser
03 November 2022

Aquia Values Update

We're proud to share an update to Aquia's company values

Chris Hughes
20 October 2022

Exploit Prediction Scoring System (EPSS)

A look at the Exploit Prediction Scoring System (EPSS) for vulnerability management

Chris Hughes
04 October 2022

OWASP Software Component Verification Standard (SCVS)

A look at some of the fundamental controls for each of the SCVS levels

Lloyd Evans
26 September 2022

Book Club: Cloud Native DevOps with Kubernetes

Five Meaningful Takeaways I hope you find useful from Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus

Chris Hughes
29 August 2022

An Incomplete Look at Vulnerability Databases & Scoring Methodologies

A look at some of the fundamental vulnerability databases and scoring methodologies currently in use in the industry

David Galiata
28 June 2022

Daily Bullet Journal Method

How To Plan And Prioritize Your Day

Mario Lunato
17 May 2022

How I Passed the AWS Certified Security - Specialty Exam

Tips and recommended materials used to pass the exam.

Dustin Whited
Dakota Riley
06 May 2022

Threat Detection on EKS – Comparing Falco and GuardDuty For EKS Protection

A comparison of Falco and GuardDuty for EKS Protection.

Katy Craig
22 April 2022

Psychological Safety: Easier Said than Done

Knowing is only the first step. Doing takes practice.

Katy Craig
06 April 2022

Psychological Safety

Learn about psychological safety, its importance, and how to foster it in your teams.

Dustin Whited
11 March 2022

Auto Remediation with Eventbridge, Step Functions, and the AWS SDK Integration

Learn how to use the AWS SDK for Step Functions to auto-remediate findings.

Chris Hughes
06 March 2022

Supply Chain Risk Management

Supply chain security is rapidly becoming a top concern of most technology and security leaders. This article will examine some of the background, relevant efforts, incidents and best practices around securing the software supply chain.

Dakota Riley
18 February 2022

Using Semgrep to find security issues and misconfigurations in AWS Cloud Development Kit projects

Learn how to find security issues and misconfigurations in AWS Cloud Development Kit projects with Semgrep.

Chris Hughes
11 February 2022

Securing the Digital Transformation

Aquia's Mission Description.

John Sasser
04 February 2022

Hello World

Today I wanted to take some time to reflect on our culture, our values, and our mission.