Vulnerability Intelligence Is a Prioritization Problem, Not a Feed Problem
Use NVD, CISA KEV, exploit context, and asset exposure to prioritize vulnerabilities without creating alert fatigue.
Disclaimer
The views expressed on this blog are solely my own and do not represent the views or opinions of my employer. The information provided on this blog is for educational purposes only and should not be construed as professional advice.
Recent posts
AWS Network Firewall + Suricata: Leveraging Open-Source IDS Rules for Cloud Defense
Leverage open-source Suricata rules in AWS Network Firewall for advanced network threat detection beyond managed rule groups.
Security Observability with OpenTelemetry on AWS
Build vendor-neutral security observability with OpenTelemetry and ADOT. Export to Grafana for unified security dashboards without CloudWatch lock-in.
Container Image Signing and Verification: Cosign and Sigstore on AWS
Implement zero-trust container pipelines with Cosign keyless signing on AWS ECR and verification in EKS.
Event-Driven Security Automation: EventBridge + Step Functions with Open-Source Threat Intel
Build automated security response with EventBridge, Step Functions, and open-source threat intelligence from MISP and Sigma rules.
Secrets Management Showdown: HashiCorp Vault vs AWS SSM and Secrets Manager
Compare HashiCorp Vault with AWS SSM and Secrets Manager. Decision framework for choosing the right secrets management approach.
IaC Security Scanning: Checkov and tfsec vs AWS-Native Controls
Shift-left IaC security with Checkov, tfsec, and AWS CloudFormation Guard. Compare tools and build defense-in-depth scanning.
Building a Multi-Cloud SIEM: Wazuh on AWS vs Security Hub
Deploy Wazuh SIEM on AWS for multi-cloud visibility or use Security Hub for AWS-native monitoring. Complete comparison guide.
Software Supply Chain Security on AWS: SBOM Generation with Syft, Grype, and CodePipeline
Build regulatory-compliant SBOM pipelines with Syft, Grype, and AWS CodePipeline for software supply chain security.
Policy-as-Code on AWS: OPA and Kyverno for Kubernetes Security
Implement enforceable security policies on EKS with OPA Gatekeeper and Kyverno for portable Kubernetes governance.
EKS Runtime Security: GuardDuty vs Falco for Container Threat Detection
Head-to-head comparison of AWS GuardDuty and Falco for EKS runtime security with real detection scenarios.
AWS CloudFront Geo-Restriction: Block Malicious Traffic by Country with WAF [2026]
Cut malicious traffic 45% with AWS CloudFront geo-restriction and WAF geo-matching. Production-ready Terraform configs for GDPR compliance and threat blocking.
AWS DevSecOps Pipeline Security: Complete Automation Implementation Guide for 2025
Comprehensive guide to implementing security automation in AWS DevSecOps pipelines with CodePipeline, container scanning, SAST/DAST integration, and complian...
AWS IAM Zero Trust: Identity and Network Deep Dive for 2025
Comprehensive guide to implementing Zero Trust architecture with AWS IAM, including identity verification, network segmentation, and continuous validation fo...
AWS Lambda Security: Building Automated Threat Detection Systems for 2025
Comprehensive guide to implementing serverless threat detection using AWS Lambda, CloudTrail, and Security Lake for real-time security monitoring and automat...