INFOSEC The CMMC Countdown, Part 2 Start your CMMC action plan with this high-level review of the five-point controls required to get a conditional certificate.
INFOSEC The CMMC Countdown: Why Your Company Needs to Prepare for 2025 Now, Part 1 Prepare your company for CMMC 2.0 compliance by 2025 with our guide on Azure tenant selection and System Security Plan creation to stay ahead in cybersecurity readiness.
Can Infosec Professionals Be Vulnerable To Phishing? Miguel Calles created polls on social networks to learn whether people believe security engineers could be phished.
CYBERSEC Using Many Email Addresses to Reduce Your Cybersecurity Risk Using different email addresses as a cybersecurity strategy can reduce our risk. But make sure to follow good security hygiene.
CYBERSEC Leveraging the OSI Model to Prevent Cybersecurity Attacks Learn how addressing weaknesses in the physical, network, application, and human layers helps prevent cybersecurity attacks.
CYBERSEC Why I Wrote A Serverless Security Book Learn why cybersecurity writer Miguel Calles decided to write the first-ever book on serverless security.
CYBERSEC AWS CDK vs Serverless Framework Let's compare Serverless Framework and AWS CDK for framework ease of use, extensibility, and security.
INFOSEC How Serverless Computing Can Reduce Your Attack Surface Learn how serverless computing can potentially reduce your attack surface.
Five Serverless Security Tools You Need To Adopt Right Now Heads up! You can improve the security of your serverless project using free or open source solutions that are already out there.
INFOSEC MFA v2.0: Improving the State of Multifactor Authentication How to improve the security of multi-factor authentication with context.
INFOSEC Insecure Serverless Plugins: Why You Should Inspect the Source Code The Serverless Framework supports numerous plugins and they save so much time, but this convenience can come with a negative downside.
INFOSEC Removing Sensitive Data & Plaintext Secrets from GitHub Learn how to clean your GitHub history, repository and pull requests containing sensitive data (like passwords), and prevent developers from committing secrets.
INFOSEC The Hulk Was My Best Friend As A Kid: Advice on Answering Security Questions Think twice before giving truthful answers to your security questions for online banking and services. The answers can sometimes be easy to find online.
INFOSEC Stealing My Own Banking Information Infosec writer, Miguel Calles, highlights how well-meaning convenience features might result in information security leaks.
TECHNICAL Introduction To Serverless Security: Part 3 - Preventing Accidental Deletion Avoid falling victim to the pitfall of accidentally deleting your critical data when using Serverless. Learn how to enable AWS CloudFormation termination protection.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
CYBERSEC Secure Browsing: My Personal Journey Infosec writer Miguel A. Calles shares his journey to secure web browsing and a review on a service that helped him achieve his browsing strategy with remote browser isolation.
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
INFOSEC An OWASP AppSec California Conference Review (2019) A review of the OWASP AppSec California 2019 conference with notes from infosec writer Miguel Calles.
CYBERSEC Case Study: Wreaking Havoc via an API A deep dive case study from infosec writer Miguel Calles highlights the importance of addressing the highest OWASP security risk, injection.
CYBERSEC Hundred Billion Dollar Infosec Question A Thought Experiment - If someone gave you a hundred billion dollars to spend on improving information security, how would you spend it?
TECHNICAL Using Serverless Frameworks - Part 1 Serverless has become a movement in application development because it allows developers to focus on code and leave infrastructure to the providers.
INFOSEC The Electric Vehicle Charge Attack Electric vehicles are all the rage. Little do we know we are becoming vulnerable to a cyber attack. This car salesman preys on his clients using the EV as his attack surface.
CYBERSEC Why You Should Include Cyber Requirements In The Development Cycle Including cyber requirements in your dev cycle can pay dividends over the long term, argues security writer Miguel Calles.
CYBERSEC A Ransomware Short Story: Family Pictures Lost In A Click A short story that paints a vivid picture about the effects of ransomware. Learn simple techniques to protect yourself as we discuss the moral of the story.