RunAsCloud
Advanced Cloud Consultants
As part of a talk I’m doing with Boston based Workbar. I’ve written an FAQ on Amazon Workspaces. Sign up here What is Workspaces? Workspaces is a Desktop as a Service (Daas) solution from Amazon Web Services. Its a hosted desktop in the cloud made for the enterprise. It allows end users to connect to […]
UncategorizedAWS networking is probably the most important thing that people don’t want to think about. While networking on the cloud is similar to traditional on-premise, there are a few key differences. Here’s a few terms that people may or may not be familiar with: VPC – Stands for virtual private cloud. Essentially it’s a managed […]
Engineering, Technology
Recently a friend of mine told me his company, in an effort to improve security, was launching a bug bounty program. I’m a huge fan of bug bounty programs, hiring professionals to test your code is a great way to find things you may have missed and lets your clients, employees and investors know that […]
Security
When I started my career as a Systems Administrator, I thought that I would be doing that for my whole career. A few years later, I thought to myself, ”If I were to progress, what would be my next step?” After a little bit of research, I learned of a position called a DevOps Engineer. […]
DevOps, Journal
Pritunl is an open source OpenVPN and IPSec solution that comes with a somewhat popular VPN client. Pritunl Zero fills in a few more gaps by providing zero trust access to SSH and Web Services similar to products such as Akamai EAA and Zscaller. I installed an individual server using this guide. It was relatively […]
Automation, DevOps, Engineering, Uncategorized
An Interview with Tricia Ferreira, VP, Technology Product Management at World Fuel Services – on asking the right questions, leveraging expert resources, and inspiring innovation. Originally from Trinidad & Tobago, Tricia moved to the United States and studied Computer Science at FIU. She moved to Atlanta and held prominent leadership positions in Technology at GE. […]
Interview, Product, Technology
In two previous articles, I described how the Capital One breach took advantage of an EC2-specific function to obtain AWS credentials which were then used to obtain multiple files containing sensitive information. If you haven’t already done so, I’d encourage you to read parts one and two before continuing. You might also want to pull up the complaint for […]
Engineering, Journal, Security
In a previous post, I mentioned that the attack vector for the Capital One breach specifically targeted an EC2 feature. In this post, I’ll give my educated guesses about how the attack actually worked. [Note 1: if anyone happens to have any of the contents of the original gist then I’d love to get a look […]
Engineering, Journal, Security