Cloud Security Partners Blog Cloud Security Partners Blog
  • Website
  • News
  • About
  • Twitter
  • LinkedIn
Sign in Subscribe
The Security Absolutist

The Security Absolutist

All security practitioners know the Security Absolutist. It’s the practitioner who has a plan before the context, is unapologetic in their approach to security, and is unwaveringly confident in their solution. Seemingly always frustrated with the current state of security in business and consistently angry at why “people can’
Mike McCabe Oct 2, 2023
The Hidden Dangers of Using Terraform's Remote-Exec Provisioner

The Hidden Dangers of Using Terraform's Remote-Exec Provisioner

Terraform is a powerful infrastructure as code tool that can support multi-cloud deployments. Terraform provides consistent and reliable deployments for cloud infrastructure. But as with every tool there are hidden dangers built-in we need to check for! The remote-exec provisioner in Terraform can be a valuable tool, providing the ability
Mike McCabe Sep 13, 2023
SQL query written in Athena to query for specific log events.

Exploring Amazon Athena in Incident Response: A Practical Approach

Recently, our team was pulled into an incident response engagement. As part of the breach investigation, we needed to review months of extensive nginx log files stored on Amazon S3 to determine an application issue causing data leakage. Complicating matters, we had no access to our traditional SIEM tools, prompting
CSP Team Sep 7, 2023
Infrastructure as Code Security

Infrastructure as Code Security

I was excited to have the opportunity to speak recently at Kernelcon and BSidesNYC about one of my favorite topics, infrastructure as code (IAC). Having helped multiple companies build IAC security programs, talking about what we've learned is always enjoyable. Companies moving to centralized and well-managed infrastructure as
Mike McCabe May 1, 2023
Finding Strings Everywhere with Roles Anywhere

Finding Strings Everywhere with Roles Anywhere

While scrolling Twitter, I came across this tweet talking about the new AWS feature Roles Anywhere. I was messing around with the aws_signing_helper and got this panic. The trace path doesn't make me feel super confident about the security of their build process. Not that I
Mike McCabe May 1, 2023

Subscribe to Cloud Security Partners Blog

Don't miss out on the latest news. Sign up now to get access to the library of members-only articles.
Cloud Security Partners Blog © 2025.