SBOM Generation Is Not Enough: What to Actually Do With It
Every team generating an SBOM and calling it done is doing the security equivalent of buying a fire extinguisher, putting it in the closet, and never reading the label.
A rabona is not the obvious pass. You wrap your leg behind the standing one, hit the ball at an awkward angle, and somehow the play opens up anyway. VPN vs Zero Trust feels like that at first, same pitch, different move entirely.
Cloud costs at early-stage startups rarely spiral because of recklessness. They spiral because the team was moving fast, the architecture made sense at the time, and nobody had the bandwidth to revisit it. By the time the bill becomes a problem, the decisions are already baked in.
I have been on both sides of this, burning through it personally, and leading teams trying to unwind it before the runway ran out. Here is what has actually worked.
Cloudflare Workers has become the go-to platform for deploying edge applications. It's easy to deploy: run wrangler deploy and you are up.
If you've been following my journey with HashiCorp Vault on EKS, you've seen me talk about automating backups and setting up TLS. But as things scaled, I realized that detached manual processes and terraform/tofu-managed manifests were becoming a major friction point.
If you've been following my content, you know I'm big on IaC security. I've written about encrypting your OpenTofu state files before, because let's be honest, unencrypted terraform state files left lying around have been a goldmine for attackers.
Yeah, the thought must have crossed your mind too: deploying Helm charts via ArgoCD apps. That feeling when you can finally breathe without another long hour of tofu apply or terraform apply for a minimal change to your Helm chart values.
Scaling DevSecOps without burnout: how I moved from manual security reviews to AI-assisted recommendations that empower product teams.
In 2025, are you still embedding RDS database passwords in your app? If your software supports stable passwordless authentication, switch to it. It’s more secure and simplifies credential management.
Sooner or later, your Elastic Kubernetes Service (EKS) cluster will run out of IP addresses to allocate to your workloads, pods and all.