Practical perspectives on building security teams, automating compliance, solving architectural challenges, and navigating the organizational dynamics that make security programs succeed or fail.
Data retention covers two different problems - preservation (minimum time you must keep archival data) and deletion (maximum time you can keep personal data). They require opposite technical approaches - one prevents deletion, the other enforces it. The elegant solutions?...
Read more →Your new hire sits through generic security training, clicks through a 47-page policy, and gets random access over time. Three months later they ping for production access. The policies? Nobody's looked at them since day one. There's a better way....
Read more →Modern software companies use a lot of software services. Traditional security teams address third-party risk through certifications and questionnaires, but there's an opportunity to actually reduce risk by collaborating with implementation teams on secure configuration decisions.
Read more →A framework for helping security engineers choose high-impact work using three criteria - business goals, implicit interest, and personal growth.
Read more →Running EKS in FedRAMP environments requires careful implementation across multiple security domains
Read more →Learn how software vendors can serve FedRAMP-authorized cloud service providers without going through the full authorization process.
Read more →Learn how to leverage AWS Bedrock to create a FedRAMP-compliant AI assistant for your System Security Plan without exposing sensitive information.
Read more →