Tributary

Daniel Wallace
06 June 2024

❄️ Snowflake Safe. The Importance of SaaS Governance

Effective SaaS Governance. A view into how Snowflake can remain safe.

Mack Wartenberger
Eric Jackson
03 June 2024

Breaking Down the NSA’s Guidance on Zero Trust Implementations for the Applications and Workloads Pillar

A look at how the NSA’s guidance aims to simplify incorporating Zero Trust principles into enterprise networks

Eric Jackson
31 May 2024

When Zero Trust Makes Zero Sense

Exploring what this buzzword means and how it can lay the foundation for a more effective security practice when approached correctly

David Galiata
28 May 2024

Top 5 Reasons CMS's SEAS IT AI Contract Is One to Watch 

The CMS SEAS IT AI contract is a forward-thinking blueprint for the future of government healthcare systems. Learn more about the top five reasons why it's a contract to watch.

Mack Wartenberger
22 May 2024

Uncle Sam Wants YOU (To Learn To Code) – And He’s Got An Apprenticeship Program For It

How apprenticeships can help us close the cyber employment gap and help us win the cyber war

Kalid Tarapolsi
21 May 2024

Key Updates in FedRAMP Governance and Regulations

Learn more about changes driven by an updated FedRAMP roadmap, RFQ for a GRC solution, and pen testing guidance for public comment.

Allie DiPietro
15 May 2024

The New NIST SP 800-171 Revision 3 is Here! Comparing Revisions 2 and 3 

After nearly two years of waiting, NIST SP 800-171 Revision 3 is final. Here are the major changes to consider.

Nathalie Baker
Allie DiPietro
Mario Lunato
13 May 2024

10 Essential Questions to Ask When Outsourcing FedRAMP Continuous Monitoring (ConMon)

Unlock the key to selecting the right service provider for your FedRAMP ConMon needs. Explore the 10 essential questions to ask, empowering you to evaluate effectiveness and ensure compliance.

Jono Sosulska
Sara Thomas
08 May 2024

Successfully Transitioning from Project to Product Delivery: Five Key Strategies

How and why product-based paradigms drive valuable outcomes for organizations.

Mack Wartenberger
02 May 2024

Can Collaboration with Enterprise Tech Solve the Federal Zero Trust Problem

A Fresh Federal Perspective at Axonius Adapt and How it Impacts Zero Trust Security

Ashling Knight
04 April 2024

Recap of the 2024 Cloud Compliance Summit

Aquia and AWS hosted the 2024 Cloud Compliance Summit on March 19. Looking for an overview of the topics discussed? We've got you covered!

Mack Wartenberger
26 March 2024

How I Passed the New CSA Certificate of Competence in Zero Trust (CCZT) Exam, and Why You Should Take It Too

Breaking down CSA’s new CCZT exam, and its utility as a resource for GRC practitioners and technical security operators looking to learn more about Zero Trust

Kalid Tarapolsi
08 March 2024

Insights into DoD's New FedRAMP Moderate Equivalency Guidelines for Cloud Providers

Navigating the FedRAMP Equivalency Memo and DoD Regulations

Dakota Riley
26 February 2024

Exploring the GitHub Advisory Database for fun and (no) profit

Principal Security Engineer Dakota Riley dives into the GitHub Advisory Database, cross-referencing with other data sources and looking for interesting trends

Will Lindsey
05 February 2024

Hack The Box Sau Walkthrough

A walkthrough of Hack The Box's Sau

Maril Vernon
24 January 2024

The Importance of Threat Modeling for Building Secure Workloads in AWS

Assessing the impact and process of threat modeling workloads in AWS

Mack Wartenberger
Jeff Bond
18 January 2024

Wait, I Needed That: Criticality Analysis

Exploring the important role of a criticality analysis in evolving the security posture of organizations, from a traditional and zero trust-focused perspective.

Kalid Tarapolsi
16 January 2024

A Guide to FedRAMP Levels and DoD Impact Levels for CSPs

Understanding the FedRAMP Authorization & DoD Impact Levels, and how they align

Eric Rippetoe
05 January 2024

Cybersecurity Meets Pareto - The Three A's (AAA)

Authentication, Authorization, and Accounting

Richard A. Jones
22 December 2023

Secure Self-Hosted Runners for GitHub Actions Leveraging Amazon ECS

A review of security concerns relating to runners for GitHub Actions, and how you can securely manage your own self-hosted runners on Amazon ECS with Fargate.

Daniel Wallace
11 December 2023

I Sat for the CISSP Exam. I Passed. Here's How.

Steps I took to prepare for the CISSP exam.

David Galiata
07 December 2023

The Top 4 SaaS Security Challenges and How To Overcome Them

Navigating the pitfalls of visibility, permissions, responsibility, and emerging threats.

Dakota Riley
03 December 2023

AWS ReInvent and PreInvent security recap

A recap of the releases from around Re:Invent!

Mack Wartenberger
17 November 2023

Soft Skills in Cybersecurity: Breaking the Imposter Syndrome Code and Bridging the Entry-Level Gap

Challenges to breaking into cybersecurity, and how one career-pivoter overcame them

Jono Sosulska
13 November 2023

Driving Actionable Work From a Threat Model

A recap of the talk-turned-workshop I presented at the inaugural Threat Modeling Convention (ThreatModCon).

Chris Hughes
30 October 2023

Breaking Down the Modernizing FedRAMP Memo

In this article, Aquia President Chris Hughes breaks down the recently published Modernizing FedRAMP Memo from the Office of Management and Budget (OMB) and discusses key implications for the future of FedRAMP and its impact on the Federal and commercial cloud markets

Elif Sumner
19 October 2023

From Apprentice to Advocate - My Journey at Uniting Women in Cyber Conference

Aquia GRC Apprentice Elif Sumner writes about her experience attending the Women in Cyber (WiCyS) conference

Mack Wartenberger
11 October 2023

Cybersecurity...How Did I Get Here and Why Are There So Many Acronyms?

Breaking into cybersecurity as a career-pivoting woman with a non-technical background

Dustin Whited
31 August 2023

Announcing the Amazon GuardDuty Runbook Generator

An open-source tool to kickstart runbook creation

Kalid Tarapolsi
15 August 2023

The Importance of FedRAMP Authorization for Cloud Service Providers

Why a CSP should make a significant investment into FedRAMP authorization

Dakota Riley
30 July 2023

Aquia Open Source Contributions - Adding a CISA KEV Enrichment Table to Matano

Principal Security Engineer Dakota Riley writes about contributing CISA KEV Enrichment Tables to Matano

Lloyd Evans
Maril Vernon
Dustin Whited
18 July 2023

AWS re:Inforce re:Cap

A recap of re:Inforce and Aquia's team members' experience

Will Lindsey
29 June 2023

Hack The Box Soccer Walkthrough

A walkthrough of Hack The Box's Soccer

Will Lindsey
22 May 2023

Hack The Box Precious Walkthrough

A walkthrough of Hack The Box's Precious

Dustin Whited
26 April 2023

Announcing SCPkit!

An open-source service control policies management tool

Mario Lunato
25 April 2023

How to Sign Container Images Using Cosign

A demo of signing a container image using Cosign with a Cosign locally generated key and an AWS KMS key.

Mario Lunato
25 April 2023

Signing Software Artifacts With Cosign

Learn about the importance of signing software artifacts using Cosign to help secure the software supply chain.

Chris Hughes
27 March 2023

SaaS Governance - A Critical Industry Need

A critical industry need that shows no signs of slowing down!

Lloyd Evans
Mack Wartenberger
20 March 2023

Resiliency, Cyber Risk, and Injury Prevention

There are many challenges in data-driven risk reduction. Sports Injury Prevention offers an apt analogy for discussing the mindsets involved in building resilient architectures.

Maril Vernon
22 February 2023

“So, You’re Building a Purple Team?”

Having built and scaled Purple Team programs at every organizational level, we can tell you that no two are the same. Before you start your own, check out our tips for ensuring your team’s success.

David Galiata
08 February 2023

The Benefits Of Using SaaS Security Posture Management (SSPM)

Exploring what SSPM is and the benefits of leveraging it in your security stack

Will Lindsey
11 January 2023

Introducing KEV Bot, Our Known Exploited Vulnerabilities Bot

An introduction to Aquia's KEV notification system

Dakota Riley
01 January 2023

Taking The New Secrets Manager Lambda Extension For a Spin

Walkthrough on using the new Lambda Extension to retrieve secrets, and comparison against using Boto3

Dustin Whited
21 December 2022

The Importance of Internal Cloud Security Standards

Why an internal cloud security standard is important and how to create one

Dakota Riley
04 December 2022

AWS Re:Invent 2022 Security Recap and Top 5 Releases

We collected the security-relevant AWS releases and announcements from this year's re:Invent!

John Sasser
03 November 2022

Aquia Values Update

We're proud to share an update to Aquia's company values

Chris Hughes
20 October 2022

Exploit Prediction Scoring System (EPSS)

A look at the Exploit Prediction Scoring System (EPSS) for vulnerability management

Chris Hughes
04 October 2022

OWASP Software Component Verification Standard (SCVS)

A look at some of the fundamental controls for each of the SCVS levels

Lloyd Evans
26 September 2022

Book Club: Cloud Native DevOps with Kubernetes

Five Meaningful Takeaways I hope you find useful from Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus

Chris Hughes
29 August 2022

An Incomplete Look at Vulnerability Databases & Scoring Methodologies

A look at some of the fundamental vulnerability databases and scoring methodologies currently in use in the industry

David Galiata
28 June 2022

Daily Bullet Journal Method

How To Plan And Prioritize Your Day

Mario Lunato
17 May 2022

How I Passed the AWS Certified Security - Specialty Exam

Tips and recommended materials used to pass the exam.

Dustin Whited
Dakota Riley
06 May 2022

Threat Detection on EKS – Comparing Falco and GuardDuty For EKS Protection

A comparison of Falco and GuardDuty for EKS Protection.

Katy Craig
22 April 2022

Psychological Safety: Easier Said than Done

Knowing is only the first step. Doing takes practice.

Katy Craig
06 April 2022

Psychological Safety

Learn about psychological safety, its importance, and how to foster it in your teams.

Dustin Whited
11 March 2022

Auto Remediation with Eventbridge, Step Functions, and the AWS SDK Integration

Learn how to use the AWS SDK for Step Functions to auto-remediate findings.

Chris Hughes
06 March 2022

Supply Chain Risk Management

Supply chain security is rapidly becoming a top concern of most technology and security leaders. This article will examine some of the background, relevant efforts, incidents and best practices around securing the software supply chain.

Dakota Riley
18 February 2022

Using Semgrep to find security issues and misconfigurations in AWS Cloud Development Kit projects

Learn how to find security issues and misconfigurations in AWS Cloud Development Kit projects with Semgrep.

Chris Hughes
11 February 2022

Securing the Digital Transformation

Aquia's Mission Description.

John Sasser
04 February 2022

Hello World

Today I wanted to take some time to reflect on our culture, our values, and our mission.