Technical Writing
Tech Blog
Cloud security, identity, infrastructure, and research. Deep dives, tools, and practical guidance.
The Unseen Variable: Identity, Agentic AI and the Path of Least Resistance
The Unseen Variable: Identity, Agentic AI and the Path of Least Resistance Every few years the industry rediscovers a truth that has always been hiding in plain sight. We rename it, formalise it, and publish new …
GCP Professional Cloud Security Engineer: 2025 Study Resources Update
Updated resources, exam lessons, and study guidance for the GCP Professional Cloud Security Engineer certification in 2025
SPADE: Side-channel Platform Abuse and Data Exfiltration
SPADE describes how adversaries can abuse trusted SaaS-hosted runtimes like Google Colab to exfiltrate data and evade CASB, EDR, and proxy controls - bypassing enterprise defenses via unexpected channels.
Announcing ISDF – Intune Stateful Device Fingerprinting
Earlier this year, I published OuttaTune – a deep dive into how Conditional Access (CA) depends on device-sourced metadata and the risks of trusting values that endpoints themselves can assert. While the community …
Turn On, Tune In, Cop Out: The sorta, not-really, fix for OuttaTune from Microsoft
Highlighting Microsoft’s documentation and UX tweaks--and the remaining unfixed vulnerability
Secure Google Cloud Authentication in Python: Avoiding CI/CD Pitfalls with Service Accounts
Learn how to avoid common anti-patterns when authenticating to Google Cloud using service accounts in Python--especially in CI/CD pipelines like Azure DevOps. This post walks through better practices for secure, reusable credential handling, complete with code examples.