Category: Blog

  • CKA – The arduous journey of planning

    Certified Kubernetes Administrator has been on my mind for the last year, but I didn’t have enough time to start on the curriculum because other vouchers I had were expiring, so now I found myself with one month to burn a CKA + CKS Bundle. This was in the back of my mind but…

  • Kube-hunter by Aqua Security in K8s

    You’re likely wondering how microservices orchestration services are secured and what tools exist to give us visibility. The biggest concern I see with many that have moved to cloud without proper strategies, such as CAF and establishing Governance/Security as code prior to the leap, is visibility. How are my services actively exposed? Aqua Security…

  • Kubernetes in Action RBAC

    Kubernetes offers a plethora of plugins that are used throughout your orchestration needs; however, natively speaking on security, we have to consider RBAC and the roles that are needed or used to access the resources in our cluster. For today’s demo I’m going to go through some CLI of creating a role, deciphering the YAML, and…

  • Kubernetes Certificate Signing Requests

    Today I’m going to cover concepts aligned with CKA in terms of security. Certificate Signing Requests have to be approved by the Kubernetes administrator to be allowed. For this tutorial I’m going to be running AKS in Azure; you can run K8s on your preferred platform such as GCP, AWS or DigitalOcean. I’m running this…

  • Azure DevOps Pipeline DevSecOps with Terraform and Tfsec

    Azure DevOps is the platform that operates on Microsoft Cloud, providing CI/CD capabilities to developers in one area. For this post I’m going to show how to run a release pipeline with TFSec to run IaC scanning for potential misconfigurations that can arise when writing IaC. If you want to follow along a few pre-requisites…

  • K8s and using AKS

    When deciding on breaking down monolithic applications for a micro-services approach, take good inventory of your team’s technical depth. Kubernetes will unlock an entire universe of possibilities; with many plugins, repos, and products to choose from, you might be asking yourself where do I begin. When deciding AKS/EKS/GKE determine on how much do…

  • Defender for Cloud (Cloud Security in Azure)

    Defender for Cloud was a rebranding of Azure Security Center and is the premier offering from Microsoft Azure as a control plane for security and visibility in Azure. While this is a small view of the dashboard, you can see the experience has changed in Azure, AWS and GCP as of recently you can now…

  • Microsoft Entra (CIEM/Verified ID)

    Microsoft has made some bold acquisitions and recently launched Microsoft Entra with a few new offerings in Azure. Notably, the acquisition of CloudKnox has been integrated with Permissions Management. If you recall, permissions in IAM can really make or break access that can be overlooked by those who don’t understand permissions. But what happens when…

  • Azure Data Factory Moving Data into CosmosDB

    Azure Data Factory is Microsoft’s service for transferring data but also building Extract, Load, Transform of data, or what is also known as Extract, Transform, Load. However, this is one way of getting data into your CosmosDB DB and respective containers. For this post, I’ll deploy two items: Azure Cosmos DB Account (SQL Core API)…

  • Azure CosmosDB DP-420 Prep

    What is Azure CosmosDB? It’s a NoSQL database offering that scales massively across practically unlimited partitions. How does this intersect in the data domain? Likely after you’ve completed DP-900 you’d want to scratch the surface of understanding more about how data interacts in the cloud and perhaps use cases that your organization is evaluating. CosmosDB…