TLDR; * Security of Cloud IAM requires a different mindset than traditional IAM. Once credentials are breached, attackers gain access to all infrastructure in a Cloud environment. This is one of the Primary Reasons why IAM is the new Perimeter. * To address IAM security gaps, start with Tagging of IAM Resources,
January 24, 2024
TLDR; * IAM is the critical component when moving workloads from On-Prem to Cloud. Special attention should be paid to Right Sizing of Permissions early on as part of Cloud Security strategy. * Visibility of Cloud Assets is important. Implement Automation for workloads and follow DevSecOps best practices to ensure Security is
January 10, 2024
TLDR; * When it comes to Code generation using Gen AI tools, Trust but Verify. Always run those through your DevSecOps pipelines for Static & Dynamic Scans. * During Prompt engineering, stay away from feeding sensitive information and ask for Low Cyclomatic Complexity recommendations. It’s simpler and easier to maintain. * On
December 27, 2023