#security (2021-02)
Archive: https://archive.sweetops.com/security/
2021-02-08
Hi, did someone integrate GitLab CI / Snyk for free? I want to avoid upgrading GitLab ($$$)
2021-02-10
Hi, which AWS security products do you have on your AWS accounts? We use GuardDuty and Config but there are so many more products! I’m not sure why AWS keeps releasing new products instead of improving what we have
compartmentalization of responsibilities - at their size they can have whole teams dedicated to a single track, whereas many of us are wearing all the hats: DevSec*Ops
we’re using: IAM, Resource Access Manager, Secrets Manager, GuardDuty, Inspector, Macie, SSO, Certificate Manager, KMS, WAF & Shield, Firewall Manager, Security Hub, Detective (I know some of those are obvious, but I included them for verbosity if it helps others)
However, we have quite a few cards in the backlog to round out the implementations within each of those
The Story of a Novel Supply Chain Attack
2021-02-26
Any recommended courses/certs for devops/cloud eng who want to get more into security? Might even be able to get employer to sponsor? There are a handful but would love recommendations.
I’ve heard SANS has some decent ones
For me SANS looks generic; security always depends on the topic you want to nail: network security, application security, hardware, OS. I understand everything is linked, but you need to focus on some targets first.
Agreed. Deciding to visit AWS Security Specialty first as it is most aligned with what I’m working on day-to-day.
AWS Security Specialty is more KMS, some process, some IAM. I have it and I don’t think it’s broad enough. Some topics and best practices are not even covered by the exam.
Do you recommend an alternative for cloud security?
Like CCSP