Introduction Let’s be real - when you’re working in a smaller company or with a lean cloud team, you don’t always have a full-blown CNAPP solution in place. A lot of cloud engineers I meet just want to keep things manageable: they’re already routing logs to...
Introduction During my time leading development teams, one of the most frustrating challenges we faced was dealing with the overwhelming number of security findings flooding in from various systems. They were rarely well-described, almost never prioritized, and often left us scratching our heads about their actual impact. Google’s Security...
Introduction For a long time, I used service accounts and understood the security implications of working with them in GCP, but I never really took a deep dive into how they work. Like many developers, I relied on the abstraction provided by Google’s SDKs, which made it easy to...
Introduction Google Cloud offers a secure and efficient way to manage permissions and authentication through service accounts. These accounts are typically associated with GCP resources like Compute Engine instances, allowing them to securely access other Google Cloud services. But how can we abuse the service account credentials and use them...
Introduction In my work, I often meet clients who are struggling to stay ahead of their cloud security responsibilities. Imagine a small but growing tech company that recently migrated its infrastructure to Google Cloud Platform (GCP). They have a lean IT team, with only one or two engineers responsible for...
Introduction Interacting with GCP or integrating Terraform deployments securely and efficiently into your CI/CD pipeline requires careful consideration, especially regarding authentication and permissions. Direct Workload Identity Federation offers secure way to authenticate applications without relying on long-lived service account keys. By leveraging Workload Identity Federation, we can grant GitHub...
