- Defense In Depth
- Zero Trust Architecture
- Core Security Precept: Principle of Least Privilege
- A Vendor DMZ Pattern
- Internal Endpoints Must Have The Same Security Capabilities As External Endpoints
- Non-Prod Environments Must Have The Same Security Protections As Production
- Achieving Application Environment Isolation
- No, You Shouldn't Use Production Data For Testing
- Of Daffy Bastards And Goofy F*cks In The Land Of The Lost: Integration Anti-Patterns From The Dark Side
- SOFTWARE SUPPLY CHAIN SECURITY: CI/CD/CT PIPELINES AND SECURITY TOOLS — PART 1
- SOFTWARE SUPPLY CHAIN SECURITY: CI/CD/CT PIPELINES AND SECURITY TOOLS — PART 2
Some of the craziest things I've seen done in the name of security were supposedly in pursuit of best practices. Context matters; so does common sense.