And why you should, too!

TL; DR — use the CDK to enable and listen for GuardDuty findings across your entire AWS account. All you need is an AWS account, a computer, and a SNS topic. https://github.com/tlh2857/GuardDuty-Global-Notifier

Diagram of CDK Project

I recently began working through a challenge:

How can one easily enable GuardDuty in all AWS Regions (an AWS Security Best Practice) and set up alerts when findings are generated in any of those regions?

Keyword being easily.

If you’re not familiar with GuardDuty, and if you’re using AWS, then I encourage you to check it out. It uses Machine Learning (ML) to…


A ‘choose your own adventure’ type of tutorial.

This is a choose your own adventure type of tutorial

If you read my previous article, Getting Started With Cloud One Application Security, then this will be a really cool extension of that work. And if you’re already familiar with Cloud One Application Security (abbreviating it COAS for short), then this will be good for you, too.

This piece was born from an idea that a coworker of mine shared. The idea being that one can use the event information in COAS to update a global bad IP list that’s used by the AWS Web ACLs in their Web Application Firewalls (WAFs).

I’ve thought that this was a really cool…


This guide is designed to teach you how to create your own Node.js web application from a bare bones Linux container. We will also equip the application with Cloud One Application Security and then demonstrate how you can exploit a vulnerability in the web application, and how Cloud One Application Security can detect and mitigate these exploitations.

Part 1: Introduction to Containers and Application Security

Before we dive into the setup, I think it’s wise to discuss some key concepts related to containers and container security.

So, what are Containers?

“A container consists of an entire runtime environment: an application, plus all its dependencies, libraries and other binaries…


There’s (nearly) no such thing as a free lunch

A few weeks ago I wrapped up an internship at Trend Micro — the “Certification Program in IT Security”, also known as CPITS. My career trajectory has permanently changed.

A brief background:

Several years ago, some of the leaders at Trend Micro, one of the largest cybersecurity companies in the world, had a collective vision to bring security training to interested individuals in the earlier stages of their careers. Their reasons were many. One being the ever-increasing cybersecurity skills gap, and another being good will and the desire to give back…


I recently passed the AWS Certified Security — Specialty (SCS-C01) exam less than three weeks after passing the AWS Certified Solutions Architect — Associate (SAA-C02) exam. Coming from a non-IT background, I thought I should draft this article to serve as a guide to others that are preparing for these exams, especially for those that are new to the industry. It was a lot of work, for sure, but also a lot of fun. If you’re currently preparing for these exams, or even if you’re just thinking about it, then I hope you’ll find this article helpful and encouraging.

Because…


And how you, too, can keep tabs on your variables!

This is part of a mini series on JavaScript concepts. The expectation is that the readers have minimal experience in JavaScript, so if you’ve been around the block then some of this may be review. That’s not to say that the more experienced folks will walk away empty handed. My goal is to go sufficiently deep into a topic so as to enlighten those whose grasp may be wide but superficial.

TL; DR: variables declared with let and const are block-scoped. Variables declared with var are function-scoped. Never implicitly declare variables, as these will be globally scoped, and will overwrite…


There’s more than one way to skin a cat.

This is the beginning of a mini series on JavaScript concepts. The expectation is that the readers have minimal experience in JavaScript, so if you’ve been around the block then some of this may be review. That’s not to say that the more experienced folks will walk away empty handed. My goal is to go sufficiently deep into a topic so as to enlighten those whose grasp may be wide but superficial.

Let’s dive right in to JavaScript variables: assignments and declarations.

What do the following 3 examples have in common?

const myVariable = 6;          //Example 1let mySecondVariable; //Example…

TL; DR: Don’t rush into a $13,000 coding bootcamp without checking out this alternative.

“Hey, you should check out JavaScript. We just hired a graduate of a bootcamp and offered him $85,000, with only 3 months of experience.”

That’s what my brother told me about a year ago. I was in-between work and looking for a change. Enter JavaScript.

It started casually — coding bat, freeCodeCamp, YouTube — but as the months went on, I knew I needed something more, something hands on.

That graduate that my brother hired attended Hack Reactor, which was apparently as competitive as Harvard, and…

Terry Hillis

Technical Rotation Associate @TrendMicro; views are my own

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store