Steven Smiley

@blakegreendev That’s awesome!

@stevensmiley An Air Force buddy and I built an app that uses AI to write performance evals for military service members... mostly Army ;) It's called RapidEPR - rapidepr.com

So this is what a side project going viral feels like... #200k

Create AWS access keys that can be placed in various places to tempt bad guys. If used, you will be notified within ~4 minutes. You can then investigate that asset to determine if it may have been compromised. buff.ly/4fKBGgM

🍯 aws-mine: An open source AWS honey token manager Catch attackers & compromised assets with decoy AWS access keys Notifies users via Amazon SNS within ~4 minutes when keys are used By @StevenSmiley github.com/StevenSmiley/a… #cybersecurity

ok who's going to AWS re:Inforce?

@mattgillard Also consider aws-lite.org

Whats the deal with the AWS Javascript SDK. Is v3 ok for use for a new greenfield project or should i stick to v2?

@sharkmode @wiz_io @nirohfeld @shirtamari Can you think of any other endpoint types that would allow you to append an arbitrary string at the end and still receive the notification?

@wiz_io @nirohfeld @shirtamari I'm having some trouble on the 3rd challenge. Can you provide any help/tips? I cannot find a way to subscribe to the topic due to the restriction on the endpoint needing to end in tbic(.)wiz(.)io

Up for a challenge? 👀 We're launching the "Big IAM Challenge" by @nirohfeld & @shirtamari! Real-world #AWS scenarios, ready-to-go CLI, no downloads. Compete, climb the leaderboard, earn your triumph 🏆 Ready? Dive in! 👇 wiz.io/blog/the-big-i…

📖 CloudSecList Issue 175 just got released, w/ content from @scalesec @frichette_n @__steele @TrustedSec @permisosecurity @praetorianlabs and more! cloudseclist.com/issues/issue-1…

@hashishrajan @CloudChallenges I have interviewed and hired people who did this and I’d do it again, it gives them something specific to talk about and show their enthusiasm. Better than getting a cert without ever actually building anything which seems common.

I came across @CloudChallenges today! It’s a platform to learn cloud. First thought- I think it a good idea but curious to know if anyone has used it and would share their review of it? Who should this be recommended for?

This was a massive undertaking but I'm so excited to share our findings with the #AWS cloud #security community. Special thanks to @christophetd for the great work here.

Good data driven analysis from Datadog on AWS security. No surprises for those of us in cloud security but we need to get better at closing these gaps.

AWS announces updated Support Plans Console with new IAM controls AWS Support continues to provide a mix of tools, technology, people, and programs to help you optimize performance, lower costs, and innovate faster. Today, the new AWS Support Plans... aws.amazon.com/about-aws/what…

📺 fwd:cloudsec 2022 Recordings are live! Tons of great #cloudsecurity talks H/T @0xdabbad00, @fwdcloudsec youtube.com/playlist?list=…

@iann0036 @fwdcloudsec @YYanilov @mritamar_ Do you mean it’s a bad idea in general or bad idea to adopt now since we don’t yet have the gaps solved?

Lots of fantastic talks at @fwdcloudsec and #AWS re:Inforce, but my favourite was on productionizing ABAC by @YYanilov and @mritamar_ 🏷️🔒 ABAC is still a bad idea and there are some big gaps to solve, but this is the closest I've seen anyone get. youtu.be/YHZdkpyaghQ?t=…

New Security, Identity & Compliance post by Faraz Angabini: Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere aws.amazon.com/blogs/security…

@QuinnyPig I thought there was a good chance I’d find the flag in a Route 53 database but alas it did not have permissions

Let’s play an #RSAC game.

If the goal of incident analysis is blame (vs. understanding why an event happened so recurrence can be prevented) then analysis will stop as soon as the first blamable cause is found as opposed to the true root cause. Hence, blameless postmortems are crucial.

@jeffbarr The good news is that migration to v2 was completely painless for all my workloads, hopefully that’s the case for others too

Important news for users of #AWS CDK v1. Check out the linked doc for migration information!

you'll want to check these out if you haven't yet: aws.amazon.com/blogs/security… aws-preview.aka.amazon.com/blogs/security…

Take a layered approach to #cloudsecurity with code-specific protections. #Cloud #awslambda #aws #awssecurity #securecoding #lambda #defenseindepth #applicationsecurity #DevOps scalesec.com/blog/implement…