Why I didn't budget for a penetration test in 2024

BLUF Competing priorities, cost-consciousness, and lower-hanging security fruit were the reasons penetration didn’t make it into my AOP this year. I’m not in a highly regulated environment, though, so if regular penetration testing is a requirement, then your options are limited, but here are some things to consider. Analysis Each offensive security consultancy and penetration tester has their own methodlogy. Penetration testing isn’t guaranteed to find your most prevalent vulnerability, nor your most difficult, movie-plot security threat....

May 21, 2024 · 3 min · 570 words · Chris

Use AWS Config To Hunt Public S3 Buckets

This post covers using AWS Config as a starting point to find public s3 buckets in your organization.

November 2, 2020 · 2 min · Chris

Find Resources With AWS Config

Use AWS Config to locate AWS resources

August 12, 2020 · 3 min · Chris

AWS Cloudwatch

AWS CloudWatch enables monitoring and alerting on cloud events.

April 3, 2020 · 4 min · Chris

AWS Security Hub

AWS Security Hub eases the pain of cloud monitoring

February 21, 2020 · 4 min · Chris

Protect AWS API Gateway with AWS WAF

Help protect APIGW from attackers with AWS WAF

January 31, 2020 · 5 min · Chris

AWS CloudTrail

AWS CloudTrail is the cornerstone of cloud SECOPS

January 30, 2020 · 3 min · Chris

Changing Direction

How my career is changing.

January 17, 2020 · 1 min · Chris