@andoniaf.unicrons.cloud
Cloud Security Engineer. Writing about cloud security at unicrons.cloud.
Do you want to build "the perfect pipeline"?
@Paco_S and I will present "Level Up Your CI/CD: Building a secure pipeline with OSS" workshop at @cloudvillage-dc.bsky.social @defcon.bsky.social π
We're at @fwdcloudsec.org and we have stickers. I do not know what else to say so just find us (or the stickers we left around π)
30.06.2025 21:44 β π 0 π 2 π¬ 1 π 0
Is your boss telling you to reduce the bill? Then this meetup is perfect for you!
FinOps for Engineers: How to create real impact in your organization πΈ
with Ernesto Suarez, CEO at @GlassityStartup
πThu, June 12
β°β£18:30h
π@FlywireEng
office
πRSVP: www.meetup.com/aws-valencia...
An AWS Documentation Change Tracker, cool ππ»
awssecuritychanges.com
Would you prefer a video? I also have a video. www.youtube.com/watch?v=r7HV...
14.04.2025 16:33 β π 1 π 0 π¬ 0 π 0
Never heard about this? No problem.
Take a look to hackingthe.cloud/aws/exploita... to quickly understand how attackers do it.
And this github.com/ramimac/aws-... to understand how common (and old) this kind of attacks are.
Friendly reminder: IMDSv2 was released in November 2019.
www.bleepingcomputer.com/news/securit...
The talk is already available in YT: www.youtube.com/watch?v=p2Cb...
11.04.2025 13:40 β π 0 π 0 π¬ 0 π 0
"100% serverless Certificate Authority on AWS, only $50/year"
Never thought I would hear all these words togetherπ
But it's true, go check this amazing project serverlessca.com by @paulschwarzen
Vaya, parece que @colibid tambiΓ©n retransmite partidos de futbol de forma "ilegal"...
06.04.2025 14:13 β π 0 π 0 π¬ 0 π 0
"Vibe coders" are in trouble...
www.pillar.security/blog/new-vul...
En casa del herrero, cuchillo de palo. π
medium.com/@adan.alvare...
Open Cloud Security agenda is out! π
opencloudsecurity.vfairs.com/en/#agenda
AWS Root Keys in Front-End Code?! Wtf π
trufflesecurity.com/blog/researc...
Psychological safety is NOT about lack of disagreement.
Psychological safety REQUIRES:
* disagreement and debate
* setting standards for behavior and performance, and enforcing them
* telling people things they don't want to hear
* courage, from the bottom up
* humility, from the top down
10.03.2025 10:57 β π 0 π 0 π¬ 0 π 0
Key takeaways for me:
- "False Positives Rate" as the most important metric for measuring detection eng. success
- "Most detections (42%) were custom-built to fit their organizationβs unique envs. Vendor-provided come in second at 37%, but few rely on them exclusively."
I've been accepted as Security AWS Community Builder π π
That means more AWS Cloud Security stuff is coming! π
#AWSCommunity
I personally hate the term "human error" in this context, but I guess thats's what everyone usually uses.
01.03.2025 11:02 β π 1 π 0 π¬ 0 π 0
Do you agree with this chatGPT definition of "misconfiguration" in a cloud security context?
How would you define it?
como se entere @sbldevnet.com...
01.03.2025 10:52 β π 1 π 0 π¬ 1 π 0
Want to foster a cost-conscious culture in your DevOps team?
We loved this Reddit post (300+ upvotes) about a startup cutting its cloud bill by 40% in weeks by fostering a culture of cost / waste awareness.
Vamos, que mientras sigas cambiando cosas en su sistema nunca serΓ‘ suficiente, pero siempre valdrΓ‘ la pena.
21.01.2025 13:41 β π 0 π 0 π¬ 0 π 0"If you focus only on the what, it leads inexorably to an ever growing list of out of date dashboards and alerts and runbooks. Adding how or why signals will help you later on with further investigations. It also aids in building up and maintaining intuition about the system..."
21.01.2025 13:41 β π 0 π 0 π¬ 1 π 0"every change (not just code!) that affects a system either makes the system more observable, or reduces it's observability. [...] If you arenβt moving forward - working to make the system more observable - you are moving backward - allowing the system to become less observable.
21.01.2025 13:41 β π 0 π 0 π¬ 1 π 0
