Articles on Cloud

Below are my perspectives on Cloud, drawn from my work as a security leader and practitioner.

• Tools Plant Honeytokens to Detect Intrusions
  Plant decoy credentials, configs, and URLs to surface an attack the rest of your stack might miss. Deployment scenarios include MCP server entries, AWS API keys, and Cloudflare Workers serving fake...
• Leadership The CISO's Mindset: Outcomes, Automation, and Leadership
  The role of the CISO evolving into a blend of leadership and technical expertise, with increased accountability for business outcomes. Key trends include leveraging automation and AI to enhance...
• Authentication What to Do With Products Without SSO?
  Single Sign-On (SSO) acts as a crucial chokepoint for modern defense, centralizing authentication to enforce security measures and monitor access. When purchasing SaaS products without SSO,...
• Cloud Withholding Single Sign-On from SaaS Customers is Bad for Business and Security
  Many SaaS vendors restrict Single Sign-On (SSO) to their most expensive enterprise tiers, a practice that undermines the security of smaller customers. This pricing strategy is misguided, as SSO is a...
• Cloud Untangling the Complexity of SaaS Ownership in the Enterprise
  The ease with which employees can adopt SaaS applications creates a visibility and governance gap for IT and security teams. Addressing this complexity involves documenting roles and...
• Malware Analysis How to Get and Set Up a Free Windows VM for Malware Analysis
  Setting up a malware analysis lab requires virtualization software, a Windows virtual machine, and the right tools. Microsoft offers free Windows 10 VMs that expire after 90 days, and utilities like...