DevSecOps & Resilience Engineering
Start here: first entry.
Supply Chain Security: SLSA, SBOM, and Build Provenance
Spec-driven research note (January 2022): Supply Chain Security: SLSA, SBOM, and Build Provenance.
Reproducible CI/CD: Determinism as Defense
Engineering notebook entry (February 2022): Reproducible CI/CD: Determinism as Defense.
Secrets Hygiene: Rotation, Scoping, and Runtime Delivery
Adversarial-first deep dive (March 2022): Secrets Hygiene: Rotation, Scoping, and Runtime Delivery.
Runtime Security: eBPF, Policy, and Drift Detection
Adversarial-first deep dive (April 2022): Runtime Security: eBPF, Policy, and Drift Detection.
Kubernetes Hardening: RBAC, NetworkPolicy, and Pod Security
Threat-model-first analysis (May 2022): Kubernetes Hardening: RBAC, NetworkPolicy, and Pod Security.
Multi-Region Design: Failover That You Can Actually Test
Threat-model-first analysis (June 2022): Multi-Region Design: Failover That You Can Actually Test.
Rate Limiting & Load Shedding: Protecting Reliability SLOs
Engineering notebook entry (July 2022): Rate Limiting & Load Shedding: Protecting Reliability SLOs.
Observability at Scale: Traces, Cardinality, and Cost
Spec-driven research note (August 2022): Observability at Scale: Traces, Cardinality, and Cost.
Backup/Restore as a Protocol: RPO/RTO with Adversaries
Adversarial-first deep dive (September 2022): Backup/Restore as a Protocol: RPO/RTO with Adversaries.
Secure Configuration: Policy-as-Code and Guardrails
Spec-driven research note (October 2022): Secure Configuration: Policy-as-Code and Guardrails.
Rust/Go Secure Coding Patterns: The Bugs That Still Happen
Adversarial-first deep dive (November 2022): Rust/Go Secure Coding Patterns: The Bugs That Still Happen.
Red Teaming Infrastructure: Turning Attacks into Regression Tests
Threat-model-first analysis (December 2022): Red Teaming Infrastructure: Turning Attacks into Regression Tests.