Trying to come up to speed on cloud security at AWS re:Invent 2022? Here’s my session guide for attendees of all levels.
CJ Moses, CISO of AWS, delivers a leadership session to highlight the state of security and what’s next.
Highlights from Dr. Werner Vogels’ keynote at AWS re:Invent 2022.
Highlights from Ruba Borno’s AWS Partner keynote at AWS re:Invent 2022.
Highlights from Swami Sivasubramanian’s data and machine learning AWS re:Invent 2022 keynote.
Highlights from AWS re:Invent 2022’s Monday Night Live with Peter DeSantis.
Notable new features and functionality announced during day one at AWS re:Invent 2022.
Leading up to AWS re:Invent, these 5 great new features launched to help your cloud security practice.
Your centralized security needs to support a variety of teams building in the cloud…and they all have differing levels of maturity.
The included_files feature of Netlify Functions can be confusing. Here’s how to get it working.
I’ve been publishing to markn.ca for almost 22 years. I broke it yet again in order to fix it.
For stronger security, stop focusing on cybercriminals and pay attention to how your teams are building in the cloud.
The best conference in cloud is back for 2022. Here’s how to get the most out of the show!
AWS re:Inforce brought the people side of security into sharp focus.
Lacework gets named to the Forbes Cloud 100 list for 2022.
Compliance is a snoozer of a topic. It shouldn’t be.
The keynote at AWS re:Inforce will send a strong message about security. Here’s what I want to hear from AWS.
AWS uses a very specific session structure for their events. Here is the key to understand the differences.
Visibility is often cited as the top requirement for any cloud security practice…but what is it exactly?
Too often security is a singular focus or area of responsibility. It doesn’t work like that. Security is part of a bigger whole.
Serverless used to mean something…maybe. Does it mean anything to the cloud community today?
The RSA Conference is jam packed with great content. Here’s how you can get the most from your week in San Francisco.
The Shared Responsibility Model provides the roadmap for cloud success. Here’s how to use the model to your advantage.
Machine Learning is a valuable and useful tool…when used correctly. Hear from one of the best how to do just that.
Okta is responding to a public cybersecurity incident, what can we learn from how they handled communications?
With cybercriminals becoming bolder, it’s not surprising that we’re seeing more big name breaches.
CloudFlare launches a new API Gateway product, will it shake up the market?
Google Cloud makes some small pricing adjustments and reactions are mixed. Here are my thoughts.
Google Cloud recently cleaned up both the CLIs and SDKs for building in the Google Cloud.
The AWS Audit Manager can help organize all of your audit and compliance evidence. This solution helps streamline the collection of non-AWS resource data points.
The AWS Well-Architected Tool allows users to create their own Custom Lenses. I have thoughts…
Google Chrome OS Flex is going to help put Chrome OS on a lot more computers. That’s a good thing, right?
Kubernetes is challenging to configure and maintain on the best of days. Here’s where to focus your security efforts.
Optimism (an L2 Ethereum project) just paid out a two million dollar bug bounty.
Building a ticketing or registration system? AWS just released a solution to help queue demand.
Attackers can find your cloud misconfigurations with almost no effort, why can’t you?
Once you’ve aggregated all of your AWS Security Hub Findings, here’s one way to visualize and analyze them.
Misconfigurations in Amazon S3 keep happening. Here’s why and how to stop them.
Data Privacy Day is upon us once again, here’s an interesting discussion around key privacy topics and how they might impact you.
AWS Security Hub Findings are great, but they can be better. Here’s a simple pattern from the AWS team to enrich those findings automatically.
DevOps and DevSecOps are terms that are thrown around a lot. What do they really mean?
Everything in the cloud works on a shared responsibility model. Here’s how it works.
Log4j is hiding in a number of your systems. Here’s help to plan out your response.
In late 2017, IDT did an AWS “This is My Architecture” video. The video talks about how they managed secret information in their AWS environment.
No one can predict the future. Here’s what the data shows will be trending in cloud security in 2022.
In late 2017, iRobot did an AWS “This is My Architecture” video. The video talks about how they deployed their microservices in AWS.
Every year AWS sets the tone for all of cloud at AWS re:Invent. Here’s what you can expect in cloud computing for 2022.
The leadership sessions at AWS re:Invent provide a deeper dive into a specific area of focus. Stephen Schmidt, CISO at AWS, takes the stage to talk all things security.
AWS re:Invent is always THE event in cloud. Werner Vogels delivered the latest version of his hotly anticipated keynote on day four.
Amazon Inspector first launched in 2015. Now in 2021, it’s re-launching with a brand new architecture and a host of new features.
AWS re:Invent is always THE event in cloud. Peter DeSantis’ keynote provided a peek behind the curtain of the technology that drives AWS itself.
Corey Quinn interviews key AWS leaders in a casual setting. This time he sits down with Bill Vass, VP Technology & Engineering.
AWS re:Invent is always THE event in cloud. Swami Sivasubramanian took the stage to deliver the machine learning focused keynote on day three.
AWS re:Invent is always THE event in cloud. Adam Selipsky gave his first keynote as the CEO of AWS. Here’s what he covered during this two hour session.
AWS re-launches a dramatically improved Amazon Inspector, a software vulnerability discovery/management service.
Here are the top AWS announcements leading up to and during AWS re:Invent 2021.
AWS re:Invent has over 500 sessions available remotely. Here’s a near complete list for easy searching.
AWS re:Invent is always THE event in cloud. This year a lot of people can’t attend in person. This post tells you how to get the most out of the virtual side of the event.
AWS re:Invent is always THE event in cloud. This post is the ultimate guide to getting the most out of the show.
An overview of the AWS Well-Architected Framework’s Performance Efficiency pillar.
Most security practices make the same set of mistakes when moving to the cloud. This talk looks at those mistakes and how to avoid them.
An overview of the AWS Well-Architected Framework’s Reliability pillar.
There are massive opportunities to advance your security practice as your business moves into the cloud. This talk provides a step-by-step approach that will help you maximize them.
An overview of the AWS Well-Architected Framework’s Cost Optimization pillar.
An overview of the AWS Well-Architected Framework’s Security pillar.
An overview of the AWS Well-Architected Framework’s Operational Excellence pillar.
In late 2017, Airbnb did an AWS “This is My Architecture” video. The video talks about how they built a system to test their Amazon RDS databases.
AWS Labs has a lot of open source code up on GitHub. This repo helps you visualize your AWS workloads and highlight areas of cost.
AWS Labs has a lot of open source code up on GitHub. AWS Data Wrangler is a bridge between Python pandas DataFrames and AWS data services.
AWS Labs has a lot of open source code up on GitHub. This repo provides an easy way for developers to view your Amazon API Gateway APIs.
AWS Labs has a lot of open source code up on GitHub. The code in this repo lets you embed Amazon QuickSight dashboards in your HTML.
AWS Labs has a lot of open source code up on GitHub. This repo contains a solid set of AWS WAF rules for common web-based attacks.
AWS Labs has a lot of open source code up on GitHub. Gluon TS helps you create forecast models for time series data.
AWS re:Invent is always THE event in cloud. As 2021 draws to a close, what path will AWS set the cloud on? What new services, features, and tools will builders get to create with?
AWS Labs has a lot of open source code up on GitHub. This post looks at the AWS Lambda Powertools for Python.
In late 2017, Station X did an AWS “This is My Architecture” video. The video talks about how they built out a genomics processing pipeline on AWS.
AWS Labs has a lot of open source code up on GitHub. This post looks at the AWS Deployment Framework.
The Amazon Builder’s Library is a great set of deep dive papers into the challenges with modern systems. This post looks at how Amazon balances system stability between control and data plane requests.
The Amazon Builder’s Library is a great set of deep dive papers into the challenges with modern systems. This post looks at how Amazon conducts hands-off deployments.
DevSecOps is the latest in a long line of buzzwords. The core makes sense: work on security earlier. But why isn’t this everywhere? Here are the biggest mistakes teams are making trying to “do” DevSecOps.
The Amazon Builder’s Library is a great set of deep dive papers into the challenges with modern systems. This post highlights some of the challenges in dealing with multi-tenant systems.
The Amazon Builder’s Library is a great set of deep dive papers into the challenges with modern systems. This post highlights some of the challenges that the retry pattern presents.
In late 2017, Capital One did an AWS “This is My Architecture” video. The video talks about how they built Cloud Custodian and how that tool helps them enforce policies in the AWS Cloud.
The Amazon Builder’s Library is a great set of deep dive papers into the challenges with modern systems. This post highlights some of the challenges in dealing with failure at scale.
AWS has a huge library of fantastic resources. This post highlights the recently released whitepaper walking public sector organizations through machine learning best practices.
AWS has a huge library of fantastic resources. This post highlights the recently released whitepaper talking about serverless multi-tier architectures.
AWS has a huge library of fantastic resources. This post highlights the recently updated whitepaper aligning the NIST Cybersecurity Framework to AWS.
AWS has a huge library of fantastic resources. This post highlights the recently released whitepaper about building reactive systems on AWS.
In late 2017, New Relic did an AWS “This is My Architecture” video. The video talks about how they set up their Terraform execution plans in a modular fashion. This provided the team some much-needed flexibility when managing builds.
AWS has a huge library of fantastic resources. This post highlights the recently updated whitepaper on building out a CI/CD practice in the AWS Cloud.
Are you a security professional or a builder looking to learn more about security? This year, I wrote the official guide for security attendees to AWS re:Invent. Here’s what’s in it and why.
In late 2017, CorpInfo did an AWS “This is My Architecture” video. The video walks through how they handled a massive amount of events coming from various IoT devices they had deployed. Remember, this was before any of the AWS IoT-specific services!
In late 2017, Civitas Learning did an AWS “This is My Architecture” video. It was one of the first. The video walks through how they handled processing personally identifiable information at scale using batch processing.
In late 2017, the Financial Times wanted to get developers to factor in cost to their designs. They created a gamified solution to help drive this change…and it worked.
We’re producing more audio and video than ever. But you can’t get the most out of that content until you transcribe it to text. In this stream we do that using the Google Cloud.
In late 2017, Netflix explained how they tackled the problem of failing over when disaster struck. Four years later, how well does that design hold up? What could we improve given the services and features available today?
Facebook, Instagram, and WhatsApp are deeply integrated into many aspects of daily life for many communities and businesses. One networking misconfiguration reminded 3.5 billion users of just that.
In late 2016, Lyft demonstrated the service discovery engine they built on AWS. Five years later, how well does that design hold up? What could we improve given the services and features available today?
Live Text is now available in iOS and iPadOS but not macOS. I try to fix that with the help of Google Cloud in this tiny cloud project.
Misconfigurations are the number one security concern in the cloud. Guardrails can help you prevent misconfigurations from happening. This talk shows you the principles behind sustainable, useful guardrails.
There are a lot of acronyms related to cloud security. What do they mean and can they help you?
As a new user in the AWS Cloud, is AWS App Runner the service that’ll get your one container up and running quickly? This post explores that question.
As a new user in the AWS Cloud, what does it take to get one container up and running? What service do you use? How many steps are there? This post explores that question.
The second installment of AWS re:Inforce was entirely virtual and gave a great view of the state of security in the AWS Cloud. Here’s what the event says about security practices and how to set yours up for success.
AWS re:Inforce returns in person and provides a deeper look into how AWS views security.
The US government takes steps to codify cybersecurity requirements for critical infrastructure.
Are security agent programs bad? Don’t even answer, that’s a ridiculous question.
A discussion about the evolution of security in the cloud. Security is now becoming a critical piece of a developer’s pipeline, what does that actually mean?
A purely digital RSAC 2021 kicks off looking back at a challenging year and to the challenges ahead for the security community.
The AWS Identity and Access Management (IAM) service turns 10 years old today. While it’s a fantastic service that keeps adding features, it really was the first step towards real cloud security.
I recently made a career move and it’s allowed me to re-double my efforts in the community. What do you want to learn about cloud and security?
No other technology revolution has induced more fear, uncertainty, and doubt for so long than the cloud. This post explores the “why” of it and more…
It’s hard to keep track of all of the amazing content on the web. To help, I’ve created a few “super feeds” for your favourite RSS reader.
Setting up a new cloud account well is reasonably simple, but what about accounts that are already active? Here are some tips to add guardrails after the fact.
Week three of three (!) for AWS re:Invent 2020 kicks off and this post will be my “live blog” for the week. Check back often for reactions, news, and tips on how to get the most out of the week.
There’s always more than one way to solve a problem. That’s a big advantage of AWS, but it can also be overwhelming to deal with. You will make mistakes. That’s ok.
Week two of three for AWS re:Invent 2020 kicks off and this post will be my “live blog” for the week. It will be neither “live” nor probably completed this week. Check back often for reactions, news, and tips on how to get the most out of the week.
Amazon EventBridge helps build loosely coupled applications that scale independently and makes it easier to integrate cloud-based applications and services.
As you continually evolve your use of AWS products and services, it’s important to consider ways to improve your security posture and take advantage of new security services and features. This session shares architectural patterns for meeting common challenges, service quotas, and tips and tricks for continually evaluating your architecture against …
To operate services, Amazon relies on having high-fidelity visibility into how its systems behave and the user experience, whether that’s using AWS services or shopping on Amazon.com. In this session, learn about Amazon’s never-ending journey for the perfect granularity of monitoring. This session covers the full spectrum of monitoring at Amazon, …
Coverage of the keynote of AWS re:Invent 2020 where Andy Jassy delivers new services, features, and more.
Week one of three for AWS re:Invent 2020 kicks off and this post will be my “live blog” for the week. Check back often for reactions, news, and tips on how to get the most out of the week.
AWS re:Invent is always jam packed with new content. This post is a road map for my content during this three week virtual event.
AWS launches a mountain of new features leading up to and during AWS re:Invent. Here’s the list of announcements for 2020 and my perspective on a lot of them that I think will help you build better.
AWS re:Invent is the best conference in cloud. This post lays out what you need to know to get the most out of the 2020 edition of this amazing event.
AWS re:Invent is the best conference in cloud. This year it’s an entirely virtual experience spread over 3 weeks. This post will help you get the most out of the event. (Updates regularly)
The Well-Architected Framework is a set of principles that can help you find the ideal build for the problem at hand…regardless of the size of that problem. This post walks you through the application of the framework to a small problem but delivers big returns.
Mornings With Mark streamed regularly throughout 2018 and 2019. Speaking to issues around technology, security, and privacy, this short (5—9 min.) casual show helps viewers understand recent events and releases in tech.
The Unicorn Project is the latest book from Gene Kim, one of the leaders of the DevOps movement. The book focuses on developer enablement and culture. What does this have to do with cloud security? Everything.
The cloud is an amplifier. It lets teams do more with less. This innovative and fast-paced approach creates a mountain of security …
The second series of my live streaming series for Trend Micro. In it, I speak to various cloud leaders about what’s happening in cloud.
A Cloud Guru is hosting Cloud Madness. Thirty-two cloud services face off over four rounds but only one will be crowned the champion. Here’s my completed bracket and reasoning for my picks.
In this live streaming series for Trend Micro, I speak to various cloud leaders about what’s happening in cloud.
Organizations struggle with extending their security practices to the cloud. Traditional approaches don’t work, and new cloud-only practices duplicate work for an already overtaxed team. The goal of cybersecurity is simple: to ensure that what you build works as intended and only as intended. This session teaches you how the AWS Cloud Adoption …
Serverless architectures help you and your team focus almost entirely on delivering business value. They also break almost every existing security technique. I’ve been actively researching serverless security for a while now, here’s what I’ve learned over the past three years.
Cybersecurity is a topic that comes up regularly as something you have to do…or should do…or are forced to look at by your security team. But why? There have been reports of serverless threats. Rumours of traditional security issues that should keep you up at night. Is any of it real?
When new technologies are adopted, cybersecurity implementations …
Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how to easily automate them using common tools in the AWS Cloud.
This approach helps you and your team increase the security of your build …
AWS re:Invent is the best conference in cloud. This post lays out what you need to know to get the most out of the 2019 edition of this amazing event.
Serverless architectures are a fantastic solution to a lot of—not all—design challenges. The benefits they bring are substantial and they can reduce the overall ops and development burden for a lot of teams. But when we’re talking about serverless, are we all talking about the same thing?
Google recently announced a new, all-in-the-cloud gaming service called Stadia. For gaming fans, there’s a lot of potential that—fingers crossed—hopefully pans out.
But the design of the system is an implementation of a pattern we use in securing high sensitivity data as well.
Has this pattern’s time finally arrived?
A recent survey from RightScale showed a lot of confusion around cloud computing costs. The common takeaway? Organizations are surprised at how high their cloud bills are. Similarly, the community was surprised at the size of Lyft’s commitment to AWS (around 8 million per month).
But the root of this problem isn’t what you think.
Amazon announced a host of new “Alexa enabled” devices last week. What are the implications for your privacy at home?
The DevOps movement is the single biggest opportunity security teams have had in a long time. The goal of DevOps is speed and innovation. That goal can be achieved with systems and automation: why not fully integrate security at the same time for a win-win?
AWS re:Invent is the best conference in cloud. This post lays out what you need to know to get the most out of the 2018 edition of this amazing event.
All the news and notes from the 2018 AWS Summit in San Francisco
There’s a lack of easy-to-use tools for “average” users to analyze their data. In today’s world, that means something.
Voice is going to play a huge role in the future. What are the security and privacy challenges?
AWS re:Invent is the best conference in cloud. This post lays out what you need to know to get the most out of your first time at this amazing show.
Four principles to help you navigate a cloud migration and the realities of hybrid cloud.
AWS re:Invent is the best conference in cloud. This post gives you the top five things to focus on to get the most out of the 2016 edition.
AWS re:Invent is the best conference in cloud. This post gives you the top five things to focus on to get the most out of the 2015 edition.
The shared responsibility model defines how the cloud works. This post examines how Shellshock impacts that model.
Recent vulnerability “POODLE” demonstrates how the shared responsibility model helps reduce your security workload.
The shared responsibility model is simple to explain but challenging to implement. This post examines how the model works for the latest Xen hypervisor bug.
AWS continues to expand its global network with the opening of a new region in Frankfurt, Germany.
Microsoft hosted its annual Worldwide Partner Conference and the focus was on Microsoft Azure. I delivered a talk focused on how to automate security operations in Azure.
Code Spaces is the worst case scenario. A simple misconfiguration in the cloud cost them their business.
Cloud computing is more than just fast self-service of virtual infrastructure. Developers and admins are looking for ways to provision and manage at scale.
Microsoft Build 2014 kicks off a new era for Microsoft. One that will (hopefully) transform the company and focus on building out their cloud: Azure.
As AWS opened their summit series for 2014, 5000+ people packed into the Moscone Center. There was a ton of energy in the air and I got to talk about updating security operations for the cloud.
What does a modern security practice look like in the cloud? How does each of the areas change?
Forensics is an area that’s often lacking in corporate environments. Few people have time to truly dig into an incident after it’s been resolved. Can we make forensics easier in the cloud?
Network security monitoring is changing dramatically in the cloud as more and more responsibilities are shifted to the Cloud Service Provider. How should your team adjust?
Incident response is often overlooked by everyone outside of the security team. In the cloud, automation and cooperation reign supreme.
The cloud is a fantastic opportunity to improve your security posture…but only if you update how you handle operations.
The cloud security discussion has changed from ‘should we’ to ‘how do we’. Here are the top issues you should be tackling.