| Follow @lancinimarco | Subscribe to CloudSecList

If you followed the wave of supply-chain attacks from the first half of 2026, you’ve probably realised that continuously patching and upgrading your dependencies is no longer optional.

For me, Renovate handles the patching part well. Most bumps are safe, but majors, 0.x jumps, dead dependencies, and quietly deprecated framework configs are hard to spot from a CI test. Manually reviewing every PR with the same rigor also doesn’t scale, and is a waste of time, to be honest.

Security Questionnaires. A lot has been written on them. (One of my favourites is Answering “Dumb Security Questionnaires”.)

Every security team I’ve worked with agrees on one thing: these are a massive time sink. Everyone wants to “automate” them, but what does that even mean in practice? You can’t deterministically automate inputs written in natural language.

“Do you remember that tool you shared six months ago? What was its name?”

I get this question constantly, and it makes sense. After six+ years of curating cloud security knowledge through CloudSecList (launched in 2019  ) and CloudSecDocs (which followed in 2020  ), I’ve built a vast knowledge base that’s become challenging to navigate.

So I had an idea: What if you could actually chat with your newsletter?

Previous Articles

Building an AppRunner on EC2 with Cloudflare Zero Trust Access
The CloudSec Engineer is released today!
The CloudSec Engineer - We have a release date!
Introducing CloudSecGPT: Your Go-To AI for Cloud Security Insights
Migrating to Google Workspace: Solving Email Routing Challenges
Migrating Terraform state from Terraform Cloud to S3
Zero Trust Access to Private Webapps on AWS ECS with Cloudflare Tunnel
Serverless Emails with Cloudflare Email Routing
Cyber Security Career Pathways    The CloudSec Engineer - Previews
Serverless Ad Blocking with Cloudflare Gateway
MUST READ What to look for when reviewing a company's infrastructure    Cloud Security Strategies
CVE-2022-0847 (aka Dirty Pipe): What does it mean for defenders
Docker on MacOS via minikube (2022 edition)
Remotely Access your Kubernetes Lab with Cloudflare Tunnel    Kubernetes Primer for Security Professionals
Introducing k8s-lab-plz: A modular Kubernetes Lab
Weekly Digests to Increase Visibility and Transparency
Automated GDrive Backups with ECS and S3
Automated Github Backups with ECS and S3
MUST READ On Establishing a Cloud Security Program    Cloud Security Strategies
Automating Cartography Deployments on Kubernetes    Continuous Visibility into Cloud Environments
Kubernetes Lab on Baremetal    Kubernetes Primer for Security Professionals
MUST READ Security Logging in Cloud Environments - GCP    Continuous Visibility into Cloud Environments
A Quick Look at GKE Autopilot (in 15 minutes)
MUST READ Security Logging in Cloud Environments - AWS    Continuous Visibility into Cloud Environments
Semgrep for Cloud Security
Introducing CloudSecDocs.com
Domain-Wide Delegation of Authority in GSuite    Continuous Visibility into Cloud Environments
MUST READ Tracking Moving Clouds: How to continuously track cloud assets with Cartography    Continuous Visibility into Cloud Environments
So I Heard You Want to Learn Kafka    Kubernetes Primer for Security Professionals
MUST READ The Current State of Kubernetes Threat Modelling    Kubernetes Primer for Security Professionals
Building a Serverless Mailing List in AWS
My Blogging Stack
Remote Development with a Chromebook in 2020
MUST READ Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography    Continuous Visibility into Cloud Environments
Cross Account Auditing in AWS and GCP    Continuous Visibility into Cloud Environments
Introducing CloudSecList.com
Deploy Your Own Kubernetes Lab    Kubernetes Primer for Security Professionals
Offensive Infrastructure: the HashiStack    Offensive Infrastructure with Modern Technologies
Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)
Red Teaming Mind Map from The Hacker Playbook 3
My Arsenal of Cloud Native (Security) Tools    Kubernetes Primer for Security Professionals
Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)
MUST READ So I Heard You Want to Learn Kubernetes    Kubernetes Primer for Security Professionals
GoScan v2
Offensive Infrastructure: Introduction to Consul    Offensive Infrastructure with Modern Technologies
Offensive ELK: Elasticsearch for Offensive Security
Robtex-Go: Go Client for the Robtex API
Introducing GoScan (aka a reason to learn Go)
Burp Pro as a Docker Container
Docker + Consul + Vault: A Practical Guide
Needle meets Jenkins: how to include Needle in your CI pipeline
Needle v1.0.0 released: new native agent and support for iOS 10
Needle V0.1.1 Released
iOS 9: Effective Jailbreak
Needle V0.0.4 Released
Needle Status Update
A quick intro to Needle
Introducing Needle