Authorize Gitlab to access AWS without access keys

For eons there have only been three ways to “secure” your build platform or servers. All of them have been historically bad, for different reasons:

This of course is rife with issues; you should never try to create resources in your customers' AWS accounts. However, there are times when closer integration may be beneficial:

The list may go on. However, you should never:

The best solution is NOT to. Neither your product nor your tech requires this, and it isn't feasible across cloud providers. …

Always, always, always use a single table, if possible.

Only use multiple tables if:

Otherwise, you should merge tables without thinking about it.

Frequently I hear, "Oh, should we use REST or an event bus? We want to pass messages around." Or, "Oh, async programming, you can't do that with REST." And other lies and fear mongering that were learned by junior developers just out of the gate and repeated far more times on and Medium.

Event Sourcing — Saving a list of events in a DB

Message Bus — Create pub/sub model

REST — Creating APIs with semantic meaning

These are completely separate things, and anyone asking the question "should we pick X or Y?" is being irresponsible. …

Do you have a responsible security disclosure program? There are definitely some issues with this approach.

Also, AWS SES is pretty cheap and easy to use; it provides 62k emails per month for free:

It's hard to compete with that.

The most common lifecycle of a resource flows from Creation, to Updates, to Deletion. When a resource is created, access must be granted to the user so that they can read and write to it afterwards. By default, new resources in an application don't imply any access control. If creation is when access records are created, then reads and updates are when access records are verified. There are many examples of this in the available SDKs.

For Deletion, an application must pay special attention to handling updates and possibly removing permissions to a resource, so that the resource is freed for future…

It’s already old news at this point to be talking about two-pizza teams. You can find a myriad of articles on Google discussing what they are and why you want them. I’m going to be talking about the innovation in team management that supersedes two-pizza teams and that’s the wolf-pack team.

(Just a quick note here, I know that not all wolves form packs, nor are the packs they form most optimal in every situation, however…)

A two-pizza team amounts to somewhere between 3 and 7 team members, where all aspects of the team's work are handled by that team. It…

Just writing down my list of things that are problematic with TF. While you don't have to agree, it's good to put the list down and begin that conversation.

Capitol building cybersecurity vulnerabilities
US Capitol building (Washington D.C.)

The importance of data security has not been left off anyone's radar. And, in the wake of unauthorized access to the US Capitol building, the approach for some is to wipe everything: potentially malicious attackers were on premises, able to access user data and user sessions that were left unlocked. The historical lack of sufficient technical experts in leading government areas has left reasonable controls out of the picture. The lack of attention to data security in some of the most critical areas results from a number of antiquated mindsets and an overall deficit in talent.

The situation

However, many companies also find themselves, while not…

Having been in a leadership position for a while now, there are a couple of things that I can help point to. While there is some good advice in this post which could help, I first want to focus on the misconceptions:


Warren Parad

CTO and Founder at Rhosys, where we use AI security to protect applications. I share how to continually innovate and stay ahead in the technology domain.

