No More Secrets 😎 Secure GCP Auth from GitHub Actions using Workload Identity Federation

In the world of CI/CD, one thing we are all tired of is managing long-lived service account keys. They are hard to rotate, risky to store, and can lead to serious breaches if leaked! 😿 In this post, I will be showing how to set up GitHub Actions + Google Cloud Workload Identity Federation (WIF) to enable secure, short-lived authentication, with no secrets stored anywhere. 🚫🔑 🚨 The Problem with Static Secrets It is still common to authenticate from GitHub Actions to GCP using service account keys stored as GitHub secrets: ...

May 18, 2025 · 4 min · 694 words · Me

☁ Google Cloud Next Series ☁️ Building Smarter, Safer Cloud Systems Together 🛡️💻✨

Helloo! 👋 How are you? Let's learn more about cloud security, detection engineering, and scalable policies 🐱🚀 Detection Engineering with Google SecOps Detection engineering isn't just about catching threats — it's about building a smart, scalable detection machine 🛠️. With Google SecOps, detection becomes modular, testable, and highly effective. 🧩 Composite Rules Rather than putting every condition into a giant, brittle detection rule, Google SecOps encourages the use of composite rules. Think of them like reusable LEGO bricks 🧱: create small, atomic rules for specific behaviours, then chain them together to form higher-order detections. This lets you mix curated rules with your own custom logic to handle complex attack patterns or environment-specific edge cases. ...

April 30, 2025 · 4 min · 818 words · Me