78 articles tagged with Security.
We've had to restore a Kubernetes cluster from backup twice. Once it worked. Once it took 14 hours. Here's the strategy we run now.
We ran Istio for a year, then switched to Linkerd. Both can do the job. The decision came down to operational fit, not features.
We scan every container image in CI and at runtime. Trivy + Cosign + admission controllers. The setup that earns its place and what we wish we'd known.
How a packet actually gets from the internet to a pod, walked layer by layer. Plus the things that surprise people the first time they hit them.
Prompt injection, data leakage, jailbreaks, and the boring controls that actually keep production AI features safe. The threat model that matters once you ship.
A flat VPC is fine until you need to prove who can reach what. Five segmentation patterns that work in AWS without requiring a service mesh.
We had four different patch cadences across our fleet and routinely missed CVEs by weeks. The unified workflow that finally caught up.
Harden container images and runtime. Image scanning, minimal base, and supply chain security.
AWS bill grew 40% YoY for two years before we got serious. Tagging, scoped budgets, and a weekly review meeting did 80% of the work.
One Terraform state file per environment sounds obvious until you watch a dev plan touch a prod resource. Here's how we actually isolate state and the mistakes we made getting there.
Our base image went from 1.2 GB and 200+ CVEs to 80 MB and 4 CVEs. Most of the work wasn't clever — it was deletion.
We mapped every byte that ends up in our production containers. The map showed three places trust was implicit. Each became a control.