Zeno

This week in Humans Behind Code, we're happy to have Jeronimo Irazabal!

Jeronimo Irazabal is the Chief Architect & Co-Founder of immudb , and Open Source Immutable Database.

Read the interview to discover more about the Human and the Code!

This article presents how to monitor the security posture of Azure cloud environments and DevOps platforms

According to a prediction from Google Cloud experts, by 2025, 90% of security operations workflows will be automated and managed as code. The prediction is based on the current challenges faced by organizations in managing security risk across modern technology environments, including a lack of funding, resourcing, skills, and applicable solutions, as well as an increase in data volume, alert fatigue, financial costs, and complexity.

To address these challenges, organizations are turning to automation and managed services, and shifting to security engineering over operations in order to manage risk at scale.

Google has developed the Autonomic Security Operations (ASO) framework as a holistic approach to modernizing people, processes, and technologies, with the goal of enabling organizations to adopt a cloud-scale engineering approach to threat management.

Learn how to setup secure secrets on Kubernetes using Sealed Secrets, External Secrets Operator, and Secrets Store CSI driver.

GKE Policy Automation is a tool for automating the checking of GKE clusters across an organization.

It comes with a library of policies based on best practices and recommendations from Google, and can be run manually or continuously for automated verification. It uses the Kubernetes Engine API to gather data from the clusters, and checks it against the set of policies. Results can be output in the console or saved to Cloud Storage or Pub/Sub.

It can also integrate with Google's Security Command Center to allow for easier analysis and remediation of non-compliant clusters.

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

GitHub brings free secret scanning to all public repos.

Qualys launched new security and compliance features for Oracle Cloud Infrastructure (OCI). The organization’s security platform was further integrated into OCI through the Vulnerability Scanning Service (VSS).

Malicious packages that download ransomware binaries written in Golang were found in PyPI and NPM.

👉 If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code and get interviewed and published on faun.dev!

Leverage Azure, AWS, GCP, and VMware vSphere to build effective multi-cloud solutions.

What you will learn:

• Get to grips with the core functions of multiple cloud platforms
• Deploy, automate, and secure different cloud solutions
• Design network strategy and get to grips with identity and access management for multi-cloud
• Design a landing zone spanning multiple cloud platforms
• Use automation, monitoring, and management tools for multi-cloud
• Understand multi-cloud management with the principles of BaseOps, FinOps, SecOps, and DevOps
• Define multi-cloud security policies and use cloud security tools
• Test, integrate, deploy, and release using multi-cloud CI/CD pipelines

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Version Notifier is a modern solution for the "being notified" aspect of each Techy's day-to-day work. By using it, you'll be notified for any new global repository release you choose, directly to your Slack / Telegram channel.

Random scripts for generating Flipper data files.

Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

The first high-level programming language was Plankalkül, created by Konrad Zuse between 1942 and 1945.