Architecture policies and Terraform files are written by different people, at different times, with no connection between them.Continue reading on Medium »
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you ru…
Since starting my cybersecurity career in 2010 at Paychex, and subsequently scaling security architectures across enterprise environments…Continue reading on Medium »
Development teams are moving fast and AI coding tools have made that even easier.Continue reading on Medium »
Do it now before too late!Continue reading on Medium »
Securing the AI You’re Building: What the OWASP GenAI Data Security Guide Means for Developers Who Own the Routing LayerMost AI security articles are written by security professionals explaining risks to developers. This one is written by a developer w…
And it probably isn’t asking for permission. Here’s how to lock it down before you become a cautionary tale in the next State of Secrets…Continue reading on Medium »
Part 2 of the prt-actions-pwn series. Read Part 1 for the threat landscape, attack chain, and vulnerability patterns.Continue reading on Medium »
Hello Friends!Continue reading on Medium »
Blind Trust in LLM Code SuggestionsContinue reading on Medium »