
You need a grimoire.
A grimoire is a book of spells - a collection of snippets found on StackOverflow or Slack’d by a coworker that got me out of a jam. There’s a decent chance it can’t be found again. This is w...
I recently had the honor of speaking on the 6th at the Software Supply Chain Security Summit. Many thanks to Lineaje, a terrific group of moderators, and my fellow speakers for a fantastic event. ...
Let’s make some dangerous choices safer inside a devcontainer. Sometimes it just isn’t possible to do things ‘the right way’. In hindsight it wasn’t possible to avoid 🐳 Docker-in-Docker 🐳, was it...
Last time, we made a simple devcontainer for Ruby that was effective, lightweight, and secure. But also uncomplicated. Let’s add a few services to make it more realistic. While I was at Booz All...
I work in devcontainers quite a lot. They provide many of the benefits of a tool like Python’s virtual environments, with the additional upsides of being version-controlled and portable across comp...
User - “We need a SAST scan of our container images.” Me - “You’re using two container scanners already. Do you mean static analysis of the source code before you put it into a container?” U...
From BSides Boulder 2024, let’s layer on the business and people complexities on top of this deeply technical problem. Despite all the hardships we’ve reviewed, building software and systems in hi...
From BSides Boulder 2024, trying to prove why changes occurred without any additional context is difficult. Let’s work together to make that easier. This is an expanded set of slides and resource...
From BSides Boulder 2024, locations of fun - where controls can be reliably set, where they can be bypassed, and where secrets can be stored too. This is an expanded set of slides and resources si...
From BSides Boulder 2024, time is meaningless and other terrible misunderstandings. This is an expanded set of slides and resources since shown live on 14 June 2024 (YouTube recording). 🪻 Overv...