Alex Smolen

584 followers

Access approvals considered harmful

Access approvals are a feature in categories of software bearing fancy names like Entitlement Management, Identity Governance, Privileged…

Nov 11, 2024

Better security policies

Security policies are the backbone of information security programs. They define commitments to leadership and communicate objectives to…

Jul 31, 2024

Risks are not risks, vulnerabilities are not vulnerabilities

In information security we emphasize the importance of risk, but we struggle to operationalize it. How do we make risk useful for auditors…

May 26, 2024

Using feature flags for security

Apr 27, 2024

Designing Least Privilege AWS IAM Policies for People

This was originally published on the now defunct IAM Pulse blog in 2021.

Feb 14, 2024

Meeting the FedRAMP FIPS 140–2 requirement on AWS

FedRAMP is a compliance program for cloud services to process US Federal government data. If you haven’t heard of it, consider yourself…

Oct 2, 2023

Vulnerability Inbox Zero

This is a summary of my LocoMocoSec 2022 and QCon SF 2022 conference talks — thanks to co-author Jake Mertz and the LaunchDarkly Security…

Dec 5, 2022

Signing Serverless Lambda code with GitHub Actions

Code signatures help prevent unauthorized code execution. They bridge trust between build and execution environments. This post shows you…

May 8, 2022

What are Security Invariants?

The only reasonable numbers are zero, one, and infinity — Bruce J. MacLennan

Apr 3, 2022

Securing GitHub organizations

Interior view of Stockholm Public Library via wikimedia.org

Jan 15, 2022

Security for the people.
