Links:
re:Quinnvent: https://requinnvent.com

Don’t be surprised when ‘move fast and break things’ results in broken stuff: https://cloudpundit.com/2021/10/27/dont-be-surprised-when-move-fast-and-break-things-results-in-broken-stuff/

Twitter thread: https://Twitter.com/quinnypig/status/1453214680764219392

Correlate security findings with AWS Security Hub and Amazon EventBridge: https://aws.amazon.com/blogs/security/correlate-security-findings-with-aws-security-hub-and-amazon-eventbridge/

Three ways to improve your cybersecurity awareness program: https://aws.amazon.com/blogs/security/three-ways-to-improve-your-cybersecurity-awareness-program/

Amazon releases free cybersecurity awareness training: https://www.aboutamazon.com/news/community/amazon-releases-free-cybersecurity-awareness-training

Quiet Riot: https://blog.traingrc.com/introducing-quiet-riot-c595cfa629e

AWS inventory collection tool: https://github.com/darkbitio/aws-recon

Deploys a Lambda: https://github.com/fivexl/Terraform-aws-CloudTrail-to-Slack

TranscriptCorey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.Corey: This episode is sponsored in part by Liquibase. If you’re anything like me, you’ve screwed up the database part of a deployment so severely that you’ve been banned from ever touching anything that remotely sounds like SQL at least three different companies. We’ve mostly got code deployment solved for, but when it comes to databases, we basically rely on desperate hope, with a rollback plan of keeping our resumes up to date. It doesn’t have to be that way. Meet Liquibase. It’s both an open-source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails that ensure you’ll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.Corey: I’ll be hosting a drinkup-slash-meetup at Optimism Brewery in Seattle tonight at 7 p.m. if you’re in town, stop on by and let me buy you a drink. And of course, re:Quinnvent approaches if you’re interested in keeping up with what my nonsense looks like, check out requinnvent.com.Corey: Let’s see what happened in the world of security last week. Lydia Leong of Gartner has been on a tear lately. Don’t be surprised when ‘move fast and break things’ results in broken stuff is her latest and an important read. The goal isn’t to slow things down; it’s to build guardrails that mean you can move fast, safely. That’s the goal of security, to provide safety, not impenetrable blockers to getting work done. Forget this at your own peril.I also wrote my own Security Awareness Training in the form of a Twitter thread. It’s like a normal version except it’s funny. Don’t discount that, though; it’s not a joke. If you make people laugh, you’ve gotten their attention. If you have their attention, then you’ve got a chance to teach them something.What’d AWS have to say about security last week? Correlate security findings with AWS Security Hub and Amazon EventBridge. So, let me get this straight. AWS sells and charges for Amazon GuardDuty, Amazon Macie, Amazon Inspector, and Amazon Detective, but still wants you to wire stuff together yourself in order to correlate events? How are they so good at the technology bits and so very bad at the ‘tying it all together with a neat presentation’ part?Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals: having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn’t think those things go together