Posts

  • 3 Big Transitions to go from Tech Lead to Engineering Manager

    For three years, I have been on the Twilio Cloud Security team as an individual contributor and Tech Lead. I am passionate about delivering scalable and resilient infrastructures and software, and for many years, I was enjoying doing just that.

  • Terraform Monitoring to Your AWS Organization SCP

    SCPs provide a great means to manage accounts’ IAM at scale, but they also introduce a “Single Point of Failure” that can effectively lock all accounts out. Detecting unintended or unauthorized changes made to SCPs becomes increasingly critical to ensure the stability and availability of your cloud environment.

  • Tag Enforcement for CloudFormation Deployment

    AWS CloudFormation allows Parameters to carry a regular expression constraint. We can use this for resource tag enforcement while interacting with CloudFormation.

  • Time-based control for IAM

    Roles with persistent escalated permissions are considered risky and provide a high-value target for attackers. However, infrequent elevated privileges are still required for business needs in managing cloud infrastructure. A time-based pattern provides access for the platform and security teams while ensuring the security of our cloud infrastructure by limiting the lifespan of escalated permissions. Requests for elevated privilege should be logged for future audit and threat detection.

  • CI/CD Pipeline for Serverless Framework

    Serverless Framework provides you with scaffolding, workflow automation, and best practices for developing and deploying your serverless architecture. However, as part of the setup steps, it instructs you to create an IAM user and static IAM access keys. Creating access keys is almost never a good practice. Instead, we are going to set up a deployment pipeline for your Serverless application, removing the dependency on static credentials and improving the resiliency of your system.

  • Alert & Remediate AWS Cloud Misconfigurations with Step Functions

    In the modern cloud, where democratized access to environments is granted to engineers, setting up guardrails is extremely important. While prevention is ideal, detection is a must. How does the security team better scale its detection and response capability with the (hyper)growth of the organization? In this post, I will briefly go over some of the lessons learned for remediating cloud misconfigurations and vulnerabilities through AWS Step Functions.

  • Manage Your Multi-Account Environments with StackSets

    So you have decided to move to the multi-account model for your AWS account structure. Now the natural topic that comes to mind is how to centrally manage infrastructure in all of the accounts. This blog is to equip you with some knowledge and tooling to make life easier. We are going to explore using AWS StackSets to deploy Infrastructure as Code (IaC) in all of your AWS accounts.

  • Extreme Programming (XP)

    Software development consists of four major parts: coding, testing, listening, and designing.

  • Reflection on Nextt’s postmortem

    “Starting a company is like throwing yourself off a cliff and assembling an airplane on the way down.”