| Follow @lancinimarco | Subscribe to CloudSecList

Reading time ~2 minutes

Introducing CloudSecDocs.com

Ever since I started studying for OSCP in 2014, I started taking (technical) notes of everything I was learning in a OneNote notebook. Over the years, that OneNote notebook grew until it became a daily go-to point, and a sort of extension of my knowledge (since I tend not to rely on hard memory as much as I can).

A screenshot of my (now old) OneNote notebook
A screenshot of my (now old) OneNote notebook

This didn’t change when I started approaching the Cloud Security domain. So, for the past few years, I’ve been collecting information as I was getting accustomed to DevOps concepts, Docker, Kubernetes, and the main cloud providers (AWS, GCP, and Azure).

Now, I’ve decided to make these notes public for everyone to consult.

The Problem with OneNote

The main challenge, though, was due to the fact that OneNote wasn’t fit for the case anymore, as I wanted something that could’ve been browsed without installing additional client applications (hence the need to be web based), and that could’ve been reachable from anywhere from the internet.

On top of this, there was no easy way to export content from OneNote itself. So I decided to commit some time to make the migration to a more “modern” platform (namely mkdocs.org), de-facto having to manually port content from the unstructured OneNote into markdown. On this topic, I also have to thank @fianderlisa for massively helping in this migration.

Enter CloudSecDocs

The result is CloudSecDocs.com, a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand curated by myself. Additionally, I envision this website to integrate closely with CloudSecList, as every week I’ll add the more interesting articles back there.

CloudSecDocs Logo
CloudSecDocs Logo

If you are interested, you can go have a look at: CloudSecDocs.com.

The website is currently composed by 8 main sections (as shown in the table below), each containing my personal notes on that specific topic:

Section Content
Containers Docker & Kubernetes fundamentals, architecture, sample apps, usage
Container Security Theory beyond Docker & Kubernetes security, Offensive security & Pentest resources, Devops resources (secure deployment, supply chain, monitoring, tooling, etc)
Devops SDLC, tooling, design & processes
AWS Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.)
Azure Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.)
GCP Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.)
Kafka Security & tooling
Culture & Engineering Security programs, engineering decisions, organizational structures, management

Call for Feedback

Most of all, I’m keen on getting feedback! If you find the information shared is useful, if something is missing, or if you have ideas on how to improve it, please let me know on Twitter @lancinimarco.

Subscribe to CloudSecList

If you found this article interesting, you can join thousands of security professionals getting curated security-related news focused on the cloud native landscape by subscribing to CloudSecList.com.

Marco Lancini

Marco Lancini
Hi, I'm Marco Lancini. I am a Principal Security Engineer, advisor, investor, and writer mainly interested in cloud native technologies, security, and technical leadership...  [read more] 

Semgrep for Cloud Security

Published on December 12, 2020

Domain-Wide Delegation of Authority in GSuite

Published on September 16, 2020