“Let’s move to containers” promised engineering simplicity, security, and easy scaling … but there was a catch. 🙊 The simplicity and security gains were only true if containers were used as intend...

I have a very bad habit to confess. 😇 I pin my third-party GitHub Actions to a SHA.1 😇 This ensures that a specific commit is running every time. It’s widely considered a security best practice ...

After some internal brainstorming about doing “thought leadership” activities for sales pipeline generation, I was asked why I do mostly technical “non-sales” events when my job is in sales.1 Much...

🙈 Yet another place to look for secrets? It’s common to find as teams move their workloads into containers and navigate the security challenges that come from it. Yet it’s also puzzling … how doe...

Every time you reach for a long-lived secret, you are wrong. The impulse is good, but uh … having seen some of the recent shenanigans from yet another supply chain attack targeting long-lived secr...

Breaking up my website’s mono-repo had some unintended consequences. I wrote a script and Actions workflow that automatically updates my profile README whenever I published a new post. Since the ...

My website, plus a bunch of other random things, was in one mono-repo. It became a junk drawer I would definitely deal with … later. Spending the past few weeks on the road made it a great time f...

I recently had the privilege of speaking on the 6th at the ATARC Zero Trust Summit for Spring 2025. Many thanks to ATARC, a terrific group of moderators, and my fellow speakers for a fantastic eve...

A modest abundance of Raspberry Pi computers means I simply must build a little Kubernetes cluster. Having lost my near-infinite supply of Azure credits, it’ll be a nice return to how I got starte...

About a week before I submitted my resignation from my last role, a spirited conversation happened in a Slack channel dedicated to employee compensation - specifically the well-known trend of new h...