“Project Zero Trust” is a business novel by George Finney. It talks about an emerging approach to IT and Cybersecurity that attempts to reduce cyberrisk in a more fundamental way. Zero Trust is a bit of a hype in IT these days, and both product companies and knowledge agencies are dropping lots of papers on […]
Read More
My main business is cloud security education, and I have been associated with the Cloud Security Alliance for more than a decade now. Currently, the Certificate of Cloud Security Knowledge (CCSK), their relevant body of knowledge, is being upgraded to version 5. I was involved in that, and it got me thinking about LLM (Large […]
Read More
How is cloud audit different from IT audit as we know it? For starters, cloud brings new technology. And new technologies bring new risk. Then, the business model of cloud implies that security is now a shared responsibility. But in my mind, the most profound differences lie in the scale of things. If you have seen […]
Read More
A while back, I introduced my take on deployment diagrams for cloud and devops infrastructure. Some of the big points there are: it starts with intuitive drawings. Many people draw these things in similar ways, even without them having formal training. In fact, formal training in architecture diagrams will not necessarily make those drawings easier […]
Read More
The security of your SaaS cloud solutions starts with the review of three major areas. Practically all companies are using SaaS providers in one way or another. SaaS includes Services such as Trello for project management, Microsoft 365, and e.g. specialized solutions for marketing intelligence services. The sky is the limit. Most companies using are […]
Read More
Deployment is everything that happens between writing software and actually using that software by its intended users. And as we get more software and more users, deployment becomes more complex. Why deployment diagrams? Deployment diagrams are a great technique for communicating about important decisions in deploying software. Decisions such as who is going to do […]
Read More
If you are interested in improving the skills you have for leading your company’s secure cloud adoption, read on. And maybe you are also interested in leading your team in this role. In any case, I need your feedback. Is this you? About you Many people that come to my cloud training are involved in […]
Read More
Cloud-native software development enables new practices. But it also requires them. It is a new level of working. However, putting all these new practices together requires integrating a lot of pieces. To illustrate this new approach, I have started to develop a minimal application. Although minimal, I run it in production. Its basic function is […]
Read More