#security (2021-02)

Archive: https://archive.sweetops.com/security/

2021-02-08

Juan Soto

Hi, did someone integrate GitLab CI / Snyk for free? I want to avoid upgrading GitLab ($$$)

2021-02-10

Laurynas

Hi, which AWS security products do you have on your AWS accounts? We use GuardDuty and Config but there are so many more products! I’m not sure why AWS keeps releasing new products instead of improving what we have.

loren

hard to get promoted just by improving existing products!

Darren Cunningham

compartmentalization of responsibilities - at their size they can have whole teams dedicated to a single track, whereas many of us are wearing all the hats: DevSec*Ops

we’re using: IAM, Resource Access Manager, Secrets Manager, GuardDuty, Inspector, Macie, SSO, Certificate Manager, KMS, WAF & Shield, Firewall Manager, Security Hub, Detective (I know some of those are obvious, but I included them for verbosity if it helps others)

However, we have quite a few cards in the backlog to round out the implementations within each of those

2021-02-26

kareem.shahin

Any recommended courses/certs for devops/cloud eng who want to get more into security? Might even be able to get employer to sponsor? There are a handful but would love recommendations.

kareem.shahin

I’ve heard SANS has some decent ones

Meb

For me SANS looks generic; security always depends on the topic you want to nail: network security, application security, hardware, OS. I understand everything is linked, but you need to focus on some targets first.

kareem.shahin

Agreed. Deciding to visit AWS Security Specialty first as it is most aligned with what I’m working on day-to-day.

Meb

AWS Security Specialty is more KMS, some process, some IAM. I have it and I don’t think it’s broad enough. Some topics and best practices are not even covered by the exam.

kareem.shahin

Do you recommend an alternative for cloud security?

kareem.shahin

Like CCSP
