Cloud KMS Fundamentals for Enterprise: Part 2
What we really want to control about our keys is generally, who can use them, for what purposes, and with what configuration.
Feb 22, 2021

KMS Fundamentals for Enterprises moving to the Cloud: Part 1
As a Cloud Security Engineer at Google Cloud, I get asked questions about Key Management Service (KMS) all the time as clients are…
Feb 10, 2021

Use Google’s Tink for Asymmetric Encryption
In this tutorial, we’ll implement a common solution to a problem that GPG typically solves, but do it all with Tink.
Sep 30, 2020

Stop downloading Google Cloud service account keys!
TL;DR: Downloading service account keys poses a serious security risk to your organization because they are long lived and not…
Jul 27, 2020

Okta Authentication in Vault using OpenID Connect (OIDC)
A long time ago in an internet far far away, the Okta plugin for Vault was the only way to use your Okta credentials to get into Vault. It…
Jul 16, 2020

Understanding Cryptography with RSA
RSA is an asymmetric cryptographic algorithm that you are probably using right now to view this article over HTTPS. It was designed by Ron…
Apr 22, 2020

Protection from Container Malware with Anthos
TL;DR there is a fairly new attack campaign using the Kinsing malware targeted at container platforms like Docker and GKE. This post will…
Apr 7, 2020

HashiCorp Vault and Terraform on Google Cloud — Security Best Practices
Deploy HashiCorp Vault with Terraform on Google Cloud adhering to security best practices and least privilege
Oct 22, 2019

Published in ScaleSec
Practical, Proactive Amazon S3 Security
Before you go shopping, let’s take a look at what you already have at your disposal to protect your data in the cloud.
Jul 31, 2019

Published in ScaleSec
Protecting GCP Services with VPC Service Controls and Terraform
Automate Google Cloud VPC Service Controls to protect your cloud workloads
Apr 11, 2019