by Stephen Kuenzli | Mar 6, 2020 | DevOps, Risk, Security
I attended two and a half days of the RSA security conference last week and I’d like to share my first-timer perspective with you. Summary The opening keynote challenged Information Security to reorganize to collaborate better with users, business, risk, and IT... 
by Stephen Kuenzli | Feb 13, 2020 | AWS, Cloud, DevOps, Risk
RT: 5 minutes Modeling Risk in Cloud Deployments described how to estimate and record threat impact and likelihood information in tags applied to Cloud resources such as databases and object stores. You can compute the risk of those threats by plugging that impact and... by Stephen Kuenzli | Feb 10, 2020 | AWS, DevOps, Risk, Security, Systems
Information Security risks are those risks “that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations, organizational assets, individuals,... by Stephen Kuenzli | Feb 5, 2020 | AWS, Cloud, DevOps, Risk, Security, Systems
Cloud deployments often use tagging to describe the context of a compute or resource such as a who owns or what application a virtual machine or object storage bucket belongs to. However, the common resource tagging models in use don’t describe the context... 
by Stephen Kuenzli | Jan 27, 2020 | Cloud, DevOps, Security
Shift Left, Photo by Nick Fewings I hit an obstacle on my way to extending the common resource tagging models with context to describe security and risk attributes. I couldn’t get past that while I feel this should be a settled engineering practice, it... by Stephen Kuenzli | Jan 15, 2020 | AWS, Cloud, DevOps, Security
I’m researching how engineers assess the security posture of their Cloud deployments and evaluate risk to those deployments so they can improve it. Reading Time: 10 minutes The research starts with these questions: What’s the hardest part about assessing... 