AWS Solution Architect Professional (SAP)

On Flying Time It has been a busy year. A lot of time was spent actually working with AWS and a good many of their offerings. So much time that the whole year flew by and I almost didn’t have the time to take the certification I had been working on for so long. Another issue was that test centers were still not open in my area so the testing had to be proctored.

AWS Certification

Certification Path Amazon has several paths for certification that target different job roles. Having an architecture and a security background I decided to move towards the full AWS Solution Architect first then pursue a security specialty later on if it seemed valuable. The first place to start is an overview for the learning paths After looking at the prerequisites my certification path looks like this: Cloud Practitioner -> Solution Architect-Associate -> Solution architecture

Security Capabilities All The Way Down

All the Way Down We continue our series on using capabilities to our advantage in creating design and architecture. We will cover how we can model information security all the way down. This section, like the section on Cloud Capabilities, begins with the layout of those abilities. We also have to remember that capabilities are the highest level or the highest description we will be using. The actual behaviors and implementations will be much more detailed.

Security BSides Chattanooga 2018

Security BSides You probably already know about Security BSides and how they came about. If not jump on over to BSides to get the scoop. There are many BSides events around the Chattanooga area. We have them in Knoxville, Nashville, Asheville, Atlanta, and Huntsville just to name the ones that come to mind. Chattanooga is a growing tech community and has many large and small businesses that have security concerns.

The Certified Cloud Security Professional Test

First things first The most important point, for me anyway, is that I passed the test. It was helpful for me to hear how other people passed their tests and how they obtained their certifications. I can’t guarantee that you will pass the test if you read this but hopefully you will pick up a couple of tips that may help you along the way. What is the CCSP The (ISC)2 CCSP is a joint effort between the (ISC)2 and the Cloud Security Alliance.

Entitlements in a Multi-tenant World

We are in a super-shared, and super-scaled world where rights are no longer concentrated in one place. Your rights and permissions are living everywhere in the neighborhood. They have left home. These is the presentation I used for a basic talk on why it is important to understnad how entitlements work these day. It was meant for presenting but you may get somehting out of it. Entitlements in a Multi-tenant World(PDF) Entitlements in a Multi-tenant World(PPTx)

B-Sides Nashville 2016 Presentation

IAM Complicated: Why you need to know about Identity and Access Management B-Sides Nashville 2016 was a great event. Here are the links for the presentation. The IAM Complicated Recording thanks to Iron Geek. IAM Complicated Presentation(PPTX) IAM Complicated Presentation(PDF)

B-Sides Nashville 2016

I have been given the opportunity to speak at B-Sides Nashville 2016. This year’s topic will be all about identity access and management. IAM Complicated: Why you need to know about Identity and Access Management Do you know where identities are born? How can you tell what an identify can and can’t do? What do you do when you realize your refrigerator has an identity of its own? If your IPS blocks your refrigerator you may lose access to your pizza.

OpenSDL Presentation

Here is the condensed version of how to mix security into agile development. Agile and Security. (PDF) Concept Platform A basic framework for the concept has been built around a Wiki and the OpenSAMM. This framework should be good enough to grow the idea and determine if it will add security value. The current version is here: Http://

B-Sides Nashville 2015

I got the opportunity to be at B-Sides in Nashville over the weekend. It was a great opportunity to mingle and meet people who had an interest in information security. One of the best parts was a great mix of old professionals and quite a few new people who were interesting in seeing what security is all about. It was a good time and I appreciate all the effort it took to make it happen.