By Danny Gershman
For one of our customers, we had a requirement to use ArgoCD to serve applications inside a Big Bang-based Kubernetes cluster deployed with Zarf. There is a lot to unpack there. ArgoCD is a GitOps tool that enables an inversion-of-control pattern in a Kubernetes cluster: the cluster pulls its desired state from Git rather than having it pushed in (very similar...
A colleague of mine noticed that an automated process he maintains had stopped being able to retrieve a file from a CloudFront-hosted site that DISA maintains. Essentially, he started receiving TLS-related errors. I looked into this with him and we noticed that the SAN certificate was issued by Entrust and was renewed 5...
There are times when security compliance and auditing make sense. Regulations and facility requirements can impose obligations that genuinely qualify as security requirements and lead to the implementation of controls. Enter Policy as Code (PaC). The sole purpose of security is to enable the business...
Terraform is a declarative infrastructure-as-code tool: its configuration language describes resources that providers map onto an Application Programming Interface (API), with the additional benefit of state management and locking. In this example, we are managing AWS (Amazon Web Services) resources with Infrastructure-as-Code. Several further vulnerabilities have been found in the last few days that layer onto the Log4J vulnerabilities...
BeyondCorp 2.0: A Zero Trust Implementation
BeyondCorp is Google's implementation of Zero Trust networking and architecture. I wrote an article for US CyberSecurity Magazine called “Identity and Transmission Based Authentication” right before the pandemic started, not knowing how spot-on it was going to be. I could not have predicted, however, how rapidly work-from-home would proliferate. Organizations were...
Moving Target Defense with Polymorphic Applications
While the internet has existed for several decades, it is only in recent years that security has become a mainstream concern. Cybersecurity tools and products are now a multi-billion-dollar industry. Security engineers and executives continue to mitigate risk by trying to quantify accurately where their organizations might be vulnerable. Measuring security risk is hard. Typically,...
Zero Trust Networking and Transmission Based Authentication
How people work has changed significantly in the last five, ten, twenty years. There was a time when people would go out to a field to farm or go to a physical factory for wages. However, with the invention of the microprocessor and the rapid speed at which it has advanced application capability, so...
Typosquatting IDN Homograph Attacks
Unisquatting (a portmanteau of Unicode cybersquatting), or the Internationalized Domain Name (IDN) homograph attack, is a fairly new mechanism that builds on several other types of Domain Name System (DNS) address attacks. The typosquat (Uniform Resource Locator (URL) hijacking) attack relies on being able to register a domain name that very closely resembles another...
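The two attack families named in the excerpt can be told apart mechanically, and that distinction is what a defender needs when screening newly registered domains against a brand. The script below is an added example, not code from the post: it decodes punycode (xn--) labels with Python's built-in idna codec, collapses look-alike characters to an ASCII "skeleton" using a small constructed subset of the Unicode confusables table, flags labels that mix scripts, and falls back to edit distance for plain typosquats. The brand domain apple.com, the sample candidates and the confusables map are all constructed for illustration, and the code assumes the first label of a name is the one worth comparing.

```python
import unicodedata

# Constructed subset of the Unicode confusables table (UTS #39): each entry
# maps a non-Latin letter to the ASCII letter it is visually confused with.
# This is an assumption for the example; the real table is far larger.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u0501": "d",  # CYRILLIC SMALL LETTER KOMI DE
}


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels to Unicode; non-ASCII input is already Unicode."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeEncodeError:
        return domain


def first_label(domain: str) -> str:
    """Lower-cased first label. Assumes names like brand.tld; no public-suffix handling."""
    return to_unicode(domain).lower().split(".")[0]


def skeleton(label: str) -> str:
    """NFKC-normalize, then replace each confusable with its ASCII look-alike."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", label))


def script_of(ch: str):
    """Script name from the character's Unicode name ('LATIN', 'CYRILLIC', ...).
    Digits and punctuation are treated as script-neutral."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def scripts_in(label: str) -> set:
    return {s for s in (script_of(ch) for ch in label) if s}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, target: str) -> str:
    """Rate a candidate domain against a brand domain.
    The skeleton check runs before the mixed-script check on purpose: an
    all-Cyrillic homograph mixes no scripts and would otherwise slip through."""
    cand, tgt = first_label(candidate), first_label(target)
    if cand == tgt:
        return "exact"
    if skeleton(cand) == skeleton(tgt):
        return "homograph"
    if len(scripts_in(cand)) > 1:
        return "mixed-script"
    if edit_distance(cand, tgt) <= 2:
        return "typosquat"
    return "unrelated"


if __name__ == "__main__":
    TARGET = "apple.com"  # constructed brand domain
    # Constructed candidates: an all-Cyrillic homograph, its punycode form,
    # a mixed-script label, two plain typosquats and an unrelated name.
    homograph = "\u0430\u0440\u0440\u04cf\u0435.com"
    for dom in [TARGET, homograph, homograph.encode("idna").decode("ascii"),
                "\u0430m\u0430zon.com", "app1e.com", "appel.com", "microsoft.com"]:
        print(f"{dom:24} -> {to_unicode(dom):12} {classify(dom, TARGET)}")
```

Run against a feed of newly registered domains, the "homograph" and "mixed-script" buckets are the ones worth alerting on first: a pure typosquat still has to fool a reader, while a single-script Cyrillic homograph renders identically to the brand in any font that lacks distinct glyphs for the two scripts.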