It has been a bit of time since I last wrote anything here, the past year and a bit has been interesting to say the least. I have just come back from an idyllic week in Sherwood Forest, where I spent some time reflecting on the past year and thinking about the future path. The …
RETURN FROM A CABIN IN THE WOODS, FIRST POST IN A WHILE Read More »
I have moved to a new hosting plan as such it may take a bit of time before this site is back and running properly
For the past few months I have spent quite a bit of time interviewing candidates for DevSecOps positions, we are not looking for any one particular position. We have a need for a number of people with differing levels of seniority/experience. However this has been a largely unsuccessful task. As a result I have spent …
So I finally was able to go to a test centre to sit my (ISC)2 CISSP exam, I was initially planning on doing this in April but the lockdown stopped me. I have spent the past month watching a number of Pluralsight courses, reading the study guide, and spent two weeks going through practice tests. …
It has been a busy month, where I spent most of my time studying for my CISSP exam, as such I failed to post this about the first ever virtual spice world conference from September. This is the annual conference for all Spiceworks fans, and was a great example of how a virtual conference should …
Following on from my previous post about Network Security Groups, this post is about securing an App Service Environment. An Application Gateway with Web Application Firewall (WAF) is also included to provide additional protection by providing the Web Application Gateway functionality. This works by inspecting the traffic and providing defence against the OWASP top 10 …
Azure Network Security Groups (NSG) are a core tool that enables you to control the network traffic flow within an Azure Virtual Network. A Network Security Group is a collection of stateful layer 3/4 allow/deny rules, that can be associated with either subnets or individual network interfaces. In this post I hope to cover the basics of how NSGs can be used to manage the traffic within an Azure environment and provide segmentation as part of a zero trust solution.
Following on from an earlier post about incorporating penetration testing with OWASP ZAP into an Azure DevOps pipeline, I am going to talk about how to add vulnerability checks for your ARM Templates to a release pipeline.
One of the most effective ways of enhancing the security posture of a solution is to incorporate security into the development lifecycle and embed it within the normal CI/CD pipelines of a project. In this post I am going to look at the Passive Pentest stage of the CI/CD Pipeline.
Whilst trying to organise my day, I have to manage my diary in a couple of places, my work calendar and my clients work calendar, both are Microsoft Exchange Online based, but there is no federation in place so I have to update both manually to ensure they match. I also must keep both my …
Managing time with an old school pre-digital tool Read More »