Mobile Security threats will continue to increase now and in the immediate future. Our phones will continue to require more and more attention in the form of ensuring we apply the most recent updates or security patches, running AV and Anti-Malware, making use of VPNs, and more

Read more →

Open Source technology literally drives most of the technology in the world. Even closed source projects such as MacOS make very heavy use of Open Source. More and more electronic devices that we buy come with copies of the GPL, which means there is open source code running on more and more devices in our homes (more on IoT in another email). Open Source drives most every major project, web site, SaaS, PaaS, or any other technology that you touch on a daily basis. Open Source is powerful and amazing. It draws on the power of numbers. Anyone can be a contributor. Anyone can review the work done by anyone else. Anyone can perform a security audit, and in many cases many people perform them and share this information, helping to keep us all more secure.

Read more →

It’s October, and you know what that means: SECURITY AWARENESS MONTH! This year for security awareness month I’ll be writing some blog posts about security concerns. Some of these things won’t be new to everyone, but they’ll be great general reminders of things happening around us in cyber security. Today we’re talking about updates in dependencies. Still lingering in everyone’s mind is the recent hack at Equifax. While the amount of data leaked here wasn’t the most impressive by a long shot, the sensitivity of this data makes it quite possibly the single worst data compromise in history. The most sensitive information used to identify people was compromised and leaked. Pieces of information that simply cannot be changed, like Birthday, SSN and much much more.

Read more →

What do Dow Jones, the Republican National Committee, the WWE, Department of Defense contractors, Verizon and now Viacom have in common? They have all had data exfiltrated from their companies from misconfigured S3 buckets. What’s worse this time is that the bucket that was exposed was basically a set of master keys hidden under the doormat. Puppet scripts including passwords, access keys, master AWS credentials, all kinds of scary things. All this comes after widespread coverage of the issue and attempts from Amazon to warn customers with publicly available data in their buckets.

Read more →

Last year I received an amazing opportunity to join a fantastic team. I’ve since spent the last year changing paths in my career, moving from development to DevSecOps. I’ve participated in DevOps in projects in the past and I’ve always had a keen interest in security. This past year has re-ignited my passion for IT; I’ve read more books already this year than I have since college.

Read more →

I’ve been away from my blog for a while, and while I haven’t finished my series on the You Don’t Know JS books (I still highly recommend them for anyone interested in JS), my lack of routine posts was starting to make this site look like an ad page for someone else’s book series, and I’ve not had much time to talk about other cool projects I’ve been working on and playing with. With that said, today I’d like to talk about a relatively new concept called “Serverless”.

Read more →

In this post I will explain how to perform file uploads entirely at the NGINX level, only passing off the file handler once the file has been written to disk. It used to be that you needed to install a third-party plugin to allow NGINX to handle file uploads. It had its pros and cons but fell out of development, and current versions of NGINX no longer support it.

Read more →

This is part 2 of a series of posts based on the wonderful series of books written by Kyle Simpson and available over on GitHub.

Read more →

This is part 1 of what I will turn into a series of posts based on the wonderful series of books written by Kyle Simpson and available over on GitHub.

Read more →

After many years working in IT, I’ve decided (once again) to put up a blog. Others have come and gone during various stages of my career, but side projects and life have always led me astray. So why write a blog now?

Read more →