Blog
Writing
Technical notes, lab writeups, and lessons from work across DevOps, cloud infrastructure, and cybersecurity.
AllDevOpsCybersecurityCI/CDDevSecOpsAWSMSc CybersecuritySOCAnsibleinfrastructurecybersecuritypipeline securityIncident ResponsePenetration TestingIaCAzureSecurity OnionSIEMdevopsidempotencyLinuxsecurityDigital ForensicsAutopsyVolatilityInsider ThreatDMIDockerMicroservicesSpring BootObservabilityWeb SecurityOWASPBurp SuiteFile UploadSecrets ManagementCloud SecurityGitHub ActionsAzure DevOpsMITRE ATT&CKRed TeamSecurity AssessmentTerraformState ManagementZeekSuricataAutomationNginxlinuxubuntupythonmigrationautomationcareer transitionbuilding in publiccloud infrastructureportfolioproductionhardeningSSHauditdfail2bandefence in depthshift-left securitycloud securitycareersystems-thinkinglearningcloudCloudArchitectureSecurityLab
Latest Post
9 min read
Secure the Ground Before You Build the Pipeline — Linux Hardening for DevOps Engineers
Most DevOps engineers spend serious effort on CI/CD security controls and almost none on the Linux hosts those pipelines run on. If the ground is soft, the pipeline controls do not hold. Here is what host hardening actually looks like — and how it reinforces everything above it.
LinuxhardeningDevSecOpsCI/CD
Read Post