Last time, we made a simple devcontainer for Ruby that was effective, lightweight, and secure. But also uncomplicated. Let’s add a few services to make it more realistic. While I was at Booz All...

I work in devcontainers quite a lot. It provides many of the benefits of a tool like Python’s virtual environments, with the additional upsides of being version-controlled and portable across comp...

User - “We need a SAST scan of our container images.” Me - “You’re using two container scanners already. Do you mean static analysis of the source code before you put it into a container?” U...

From BSides Boulder 2024, let’s layer on the business and people complexities on top of this deeply technical problem. Despite all the hardships we’ve reviewed, building software and systems in hi...

From BSides Boulder 2024, trying to prove why changes occurred without any additional context is difficult. Let’s work together to make that easier. This is an expanded set of slides and resource...

From BSides Boulder 2024, locations of fun - where controls can be reliably set, where they can be bypassed, and where secrets can be stored too. This is an expanded set of slides and resources si...

From BSides Boulder 2024, time is meaningless and other terrible misunderstandings. This is an expanded set of slides and resources since shown live on 14 June 2024 (YouTube recording). 🪻 Overv...

From BSides Boulder 2024, tracking what changed is the one thing that git is designed to do and it does that task ✨ phenomenally well. ✨ Here’s a few hard-earned tips to make common awkward questi...

Can you guess who I am?1 😈 It turns out distributed identity management is an oxymoron. Here’s what you can know and how to stay sane(ish) through your code audit. This is an expanded set of sli...

From BSides Boulder 2024, many attempts to figure out who did what, when, where, and why in a git repository (and some lessons learned, too). This is an expanded set of slides and resources since ...