Alex Smolen: Designing Least Privilege AWS IAM Policies for People. This was originally published on the now defunct IAM Pulse blog in 2021. (6 min read · Feb 14, 2024)
Alex Smolen: Meeting the FedRAMP FIPS 140–2 requirement on AWS. FedRAMP is a compliance program for cloud services to process US Federal government data. If you haven’t heard of it, consider yourself… (6 min read · Oct 2, 2023)
Alex Smolen: Vulnerability Inbox Zero. This is a summary of my LocoMocoSec 2022 and QCon SF 2022 conference talks — thanks to co-author Jake Mertz and the LaunchDarkly Security… (8 min read · Dec 5, 2022)
Alex Smolen: Signing Serverless Lambda code with GitHub Actions. Code signatures help prevent unauthorized code execution. They bridge trust between build and execution environments. This post shows you… (3 min read · May 8, 2022)
Alex Smolen: What are Security Invariants? The only reasonable numbers are zero, one, and infinity — Bruce J. MacLennan (5 min read · Apr 3, 2022)
Alex Smolen: Securing GitHub organizations. Interior view of Stockholm Public Library via wikimedia.org (6 min read · Jan 15, 2022)
Alex Smolen: Service account standards. Service accounts for Software-as-a-Service (SaaS) applications have high levels of access and are shared between multiple people — a… (6 min read · Sep 22, 2021)