With the release of the criminal complaint in the recent Capital one breach we now have a better understanding of how Paige A. Thompson exfiltrated data from their cloud vendor. We don’t know all the details and can only make inferences based upon the information available.

"When you start a sentence with '200 million' in the Cybersecurity world it's likely to end with 'records exposed' but today it's ending with something much scarier, 'devices exposed'." - Nigel Smithson, Sr. Cybersecurity Solutions Engineer @ Sayers  

Any time a human is involved, the potential for weakened security increases.  Password policies are necessary for cybersecurity compliance; however, burdensome password policies can result in bad user behavior like password transformation.

Sometimes we just need a sanity check and assessments offer that opportunity.  An assessment can offer a glimpse into those things that may require our attention, and ideally, some validation of our good work.  But, they can be potentially expensive.  For a quick self-assessment, there is a ...

The attraction of a DevOps strategy is understandable, but sometimes I feel like the speed of business should be just a bit slower.  

Overall, there is a weak grasp on what "Cloud Security" actually means.