Happy Friday everyone! I hope you’re week was good.
First off, I want to apologize for the newsletter snafu last week. I was off in Ohio Amish land and watched - like many of you - the newsletter deliver but then none of the article links work. The service I use for the weekly newsletters had DNS issues.
DNS. It’s always DNS!
The service was restored by Monday and nothing was lost (thank goodness), so if you skipped over last week’s newsletter content it’s safe to go back and click on things.
This week, we have a YAMS (yet another Microsoft survey) for your participation enjoyment.
Identity (IAM) Recommendations for Defender for DevOps
We’ve heard feedback from Customers on the need for identifying identity management and least privileged access vulnerabilities related to Source Code Management Systems. Microsoft’s Identity & Network Access Product Team has high-fidelity signals for identifying application identity security vulnerabilities in production. Defender for DevOps wants to “shift left” and find these issues when the code is written to prevent app identity code and configuration-level issues that can lead to compromise when deployed to production.
Defender for DevOps is looking to better understand what types of Identity-related Recommendations will be valuable in helping you maintain your DevOps security posture.
I’m on a mission this fiscal year. That mission (and I’ve already chosen to accept it) is to locate non-security conferences at which to speak about security. Security is top-of-mind for everyone, but a lot of times it just seems the effort to get the environment where it needs to be while maintaining the current workload is overwhelming. I’m looking to help with that by delivering useful, helpful guidance that can be easily consumed in chunks.
You can help me. If you know of existing non-security technical conferences, please reach out and let me know about them.
Thanks all for your continued support and dedication to this community!