In the early days of my career, I had the epiphany that “Best Practices” really do not exist or apply to most scenarios. In the end it should all be driven by logic and common sense. What makes much more sense is to look at the standard or common practice, compare it with the mythological unicorn of “best practices”, and see whether it has value and benefit in a specific case. Continue reading “PowerShell: When and Where Writing Logs Matters”
Book Review: Agile Application Security
I’m always looking for books that cover a topic from a different angle or with a broader approach, and this one is a perfect example: security-focused, but seen through the lens, and under the influence and culture, of Agile.
Working for a software development company, I found this book a good match for my DevOps/System Engineer role and put it on my wish list. Six months ago I purchased another book, but guess what happened? Continue reading “Book Review: Agile Application Security”
Git Pocket Guide: Book Review
Once again, this is not a sponsored review, just my 2 cents.
This pocket guide is not an introduction to git or its best practices, but it shows the options available and will boost your confidence and knowledge so you can solve most common problems. It’s full of practical examples, with just enough of a deep dive into git to show you how things work under the hood.
This book is very good at “showing you the tip of the iceberg”. Git, like any other distributed system, is complex, but its common features and operations aren’t so difficult to understand, and if you’re not familiar with the CLI, there are plenty of tools to get you started. Continue reading “Git Pocket Guide: Book Review”
How to sign a PowerShell script
As a DevOps engineer, I frequently come across talented developers who underestimate some security aspects of deployments, for instance, to name just a couple, the integrity and authenticity of the code or artefacts we deploy.
Python and PowerShell are powerful languages for developing quick and robust solutions, and they are extremely popular among attackers; for this reason, our ecosystem should take security very seriously.
Security now extends far beyond the (old) perimeter of the company’s premises and infrastructure; the network and systems are abstracted away, with or without cloud/hybrid deployments, and enforcing identity alone is not enough in most cases.
In my opinion, application whitelisting built around code signing and checking the integrity of our code is more effective and less painful than you might think, and a good habit to build on a daily basis.

