Oluwatobi Mustapha

6.6K posts

@Tobi_Msp

Founder @Identrail • Identity Security Engineer • OIDC/OAuth • Cloud IAM • Non-Human Identity

Joined November 2024
121 Following · 8.6K Followers

Pinned Tweet
Oluwatobi Mustapha @Tobi_Msp
I locked in, and passed the AWS Security Specialty exam!

Johnny Yukari @JYukariHero
@Tobi_Msp Open source = your mistakes are public. PRs give you a second set of eyes before the internet finds your bugs for you.

Oluwatobi Mustapha @Tobi_Msp
AWS quietly made SCPs easier to work with. You can now attach up to 10 SCPs per root, OU, or account, and each policy can be twice as large as before. That gives teams more room to keep guardrails clean instead of squeezing everything into one messy policy. Nice update for anyone managing AWS Organizations.

Oluwatobi Mustapha @Tobi_Msp
@JYukariHero So if AI can't catch unmodeled threats, and humans miss them by your definition, what actually catches them before prod? And what have you built with AI that led you here?

Johnny Yukari @JYukariHero
@Oluwatobi_Msp Feed it all the context you want. Still reviews against known patterns. Unmodeled threats walk right through.

xiaosong @xiaosong217044
@Oluwatobi_Msp You can use the --auto-accept flag or set up a task file with specific instructions. I usually write a TASK.md with the scope and let it run in a tmux session. Just make sure you have git commits as checkpoints because it will make decisions you did not expect.

Oluwatobi Mustapha @Tobi_Msp
Chat, how can I run Claude code on auto-mode?

Oluwatobi Mustapha @Tobi_Msp
@JYukariHero Fair. But that’s a prompting problem not a tooling problem. Are you feeding it your architecture context or just letting it review the diff blind?

Johnny Yukari @JYukariHero
@Oluwatobi_Msp PRs over direct commits, always. AI reviewers catch the obvious stuff. Won't save you from a bad threat model though.

kaumnen @kaumnen
rtk and caveman might be the best 2 additions to my Claude Code workflow this year so far. rtk - shortens CLI command outputs; caveman - shortens chat output.

Johnny Yukari @JYukariHero
@Oluwatobi_Msp Right. Same applies to markets. FEIE exempts $132k+ for US citizens working where expertise commands a premium. Legal arbitrage when you have options.

Oluwatobi Mustapha @Tobi_Msp
One of the biggest career mistakes I see after working in big tech and coaching professionals from companies like Google, Amazon, Microsoft, and Meta is this: people become too immersed in their company's internal world. And without realizing it, your professional world gets smaller.

I've seen this happen a lot in big tech. Someone spends years at a company like Google or Microsoft and becomes incredibly strong internally but disconnected externally. They know every internal tool, every org structure, every company-specific term. But if they leave? Suddenly they need to relearn the market.

Remember: your company is not the entire industry. Talk to people outside your company. Learn about the tools everyone is talking about. Go to events. Understand competitors.

Careers are built in the market and not just inside one company. The goal is not just to be successful where you are. It is to remain valuable wherever you go.

CC: Gabriela.

Oluwatobi Mustapha @Tobi_Msp
Passkeys might be the best thing to happen to login security in a decade. And hundreds of millions of customers seem to agree, not because they're suddenly passionate about cryptographic authentication (they're not), but because the experience is just so much better.

This week was World Passkey Day. It used to be called World Password Day. That rename says a lot about where things are headed.

Security has always come with a catch: stronger protection, worse experience. Better experience, weaker protection. Pick one. Passkeys finally break that tradeoff. You sign in with a fingerprint, face scan, or the same PIN you use to unlock your phone. Nothing to remember. Nothing to phish. Nothing to forget at 11pm when you're trying to reorder cat food.

Our data shows customers sign in 6x faster than with a password. Better security, better experience. That's why we've gone all in. Passkeys are now our default sign-in method, and enrollment is up 75% year over year.

The passwordless future isn't coming. It's mostly here.

Oluwatobi Mustapha @Tobi_Msp
If you’re building in the cloud, your API shouldn’t care who the user is as much as what they’re allowed to do. ID tokens are for “who.” Access tokens are for “what.” Treating them the same is how you end up with broken object-level authorization.
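A worked illustration of the "who" versus "what" split in the post above, added here as an example; it is not the author's code. A resource server verifies a bearer JWT, rejects anything shaped like an ID token (audience is the client, a nonce is present), checks the granted scope, and then still performs the object-level ownership check that a scope alone cannot express. The issuer URL, API audience, client id, shared HS256 secret and the ORDERS store are all assumptions made for the demo; real issuers sign with asymmetric keys and APIs verify against the issuer's JWKS, and many access tokens are opaque rather than JWTs, in which case the same checks happen at the introspection endpoint.

```python
import base64
import hashlib
import hmac
import json

# All identifiers below are assumptions for the demo, not real services.
ISSUER = "https://idp.example.com"        # assumed OIDC provider
API_AUDIENCE = "https://api.example.com"  # assumed resource server identifier
CLIENT_ID = "web-app-123"                 # assumed OAuth client id
# Shared secret so the demo runs offline with HS256. Production issuers sign
# with asymmetric keys (RS256/ES256) and APIs verify against the JWKS endpoint.
SECRET = b"demo-only-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict) -> str:
    """Issuer side: sign a compact JWT over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, now: int) -> dict:
    """Checks signature, algorithm, issuer and expiry. Audience and scope are
    deliberately left to the caller: they are what separate the token types."""
    h, p, s = token.split(".")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
        raise PermissionError("wrong issuer or expired")
    return claims


# Constructed data store: order id -> owning subject.
ORDERS = {"order-1": "user-alice", "order-2": "user-bob"}


def get_order(token: str, order_id: str, now: int) -> dict:
    """Resource server handler for GET /orders/{order_id}."""
    claims = verify_jwt(token, now)
    # "Who" tokens are rejected outright: an ID token is addressed to the client
    # (aud == client_id) and carries a nonce for the login flow; it says nothing
    # about what its bearer may do at this API.
    if claims.get("aud") != API_AUDIENCE or "nonce" in claims:
        raise PermissionError("not an access token for this API")
    # "What": the scope the authorization server granted to this token.
    if "orders:read" not in claims.get("scope", "").split():
        raise PermissionError("missing scope orders:read")
    # Object-level authorization: "may read orders" is not "may read every order".
    owner = ORDERS.get(order_id)
    if owner is None:
        raise KeyError(order_id)
    if owner != claims.get("sub"):
        raise PermissionError("not the owner")
    return {"id": order_id, "owner": owner}


def demo(now: int = 1_700_000_000) -> dict:
    """Mint one ID token and one access token for alice and replay them against the API."""
    base = {"iss": ISSUER, "sub": "user-alice", "iat": now, "exp": now + 300}
    id_token = mint_jwt({**base, "aud": CLIENT_ID, "nonce": "n-42", "email": "alice@example.com"})
    access_token = mint_jwt({**base, "aud": API_AUDIENCE, "scope": "orders:read"})
    cases = {
        "id_token_on_own_order": (id_token, "order-1"),
        "access_token_on_own_order": (access_token, "order-1"),
        "access_token_on_bobs_order": (access_token, "order-2"),
    }
    results = {}
    for name, (tok, oid) in cases.items():
        try:
            get_order(tok, oid, now)
            results[name] = "allowed"
        except PermissionError as err:
            results[name] = f"denied: {err}"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The audience check is what makes the ID token unusable at the API even though it is validly signed by the same issuer for the same user; the ownership check is what stops a valid access token from reaching another user's object. Both are needed, and the second one is the one that scopes cannot replace.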

Oluwatobi Mustapha reposted
Johnny Yukari @JYukariHero
@Oluwatobi_Msp Context.ai OAuth to Google Workspace to Vercel. Third-party AI tools just became the supply chain vector. Audit your workspace permissions.

Oluwatobi Mustapha @Tobi_Msp
Amazon Elastic Kubernetes Service just launched support for IAM session policies for pod credentials 🥂 This is an important improvement for least-privilege in Kubernetes on AWS. Session policies let you constrain permissions at the time credentials are issued, which gives security teams another layer of control beyond the base IAM role. In high-scale environments, this can reduce role sprawl while making pod-level access boundaries more practical to manage. aws.amazon.com/blogs/containe…
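A small model of the layering the post above describes, added as an example; it is not code from the linked AWS post or from the author. A session policy is a second policy document handed over when the credentials are issued (with plain STS this is the Policy parameter of AssumeRole; how EKS attaches one to pod credentials is in the linked post and is not reproduced here). The effective permissions of the session are the intersection of the role's identity policy and the session policy: both must allow, neither may deny, and the session policy can narrow the role but never widen it. The role policy, the team-A session policy and the bucket ARNs are constructed for the demo; resource-based policies, permission boundaries and SCPs are left out of the evaluation, and the wildcard matching is a simplification of IAM's.

```python
import fnmatch

# Constructed role policy: the ceiling of what the pod's IAM role may do.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::team-data", "arn:aws:s3:::team-data/*"]},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

# Constructed session policy issued with the credentials for team A's pods.
# It narrows the role to one prefix. The s3:PutObject allow is there to show
# that a session policy cannot grant anything the role itself does not.
SESSION_POLICY_TEAM_A = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::team-data/team-a/*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    # IAM's * and ? wildcards map onto fnmatch; * crosses "/" as it does in IAM.
    # Action names are case-insensitive in IAM, resource ARNs are not.
    actions = [a.lower() for a in _as_list(stmt["Action"])]
    return any(fnmatch.fnmatchcase(action.lower(), a) for a in actions) and any(
        fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))


def policy_decision(policy, action, resource):
    """Evaluate one policy document: explicit Deny wins, else Allow, else implicit deny."""
    decision = "implicit_deny"
    for stmt in policy["Statement"]:
        if not _statement_matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"
        decision = "allow"
    return decision


def is_allowed(role_policy, session_policy, action, resource):
    """Effective permission of the session is the intersection: the role's
    identity policy and the session policy must both allow, and neither may deny."""
    return all(policy_decision(p, action, resource) == "allow"
               for p in (role_policy, session_policy))


def demo():
    """Four requests a team-A pod might make, evaluated against role + session policy."""
    checks = {
        "get team-a object": ("s3:GetObject", "arn:aws:s3:::team-data/team-a/report.csv"),
        "get team-b object": ("s3:GetObject", "arn:aws:s3:::team-data/team-b/report.csv"),
        "put team-a object": ("s3:PutObject", "arn:aws:s3:::team-data/team-a/report.csv"),
        "delete team-a object": ("s3:DeleteObject", "arn:aws:s3:::team-data/team-a/report.csv"),
    }
    return {name: is_allowed(ROLE_POLICY, SESSION_POLICY_TEAM_A, *args)
            for name, args in checks.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

The point of the exercise is the second and third rows: one broad role shared by many pods, each pod's credentials scoped by a session policy to its own prefix, with no way for a pod to use the session policy to reach beyond what the role allows. That is the role-sprawl reduction the post refers to, since a per-team role is no longer needed to get a per-team boundary.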