Ever since I started studying for OSCP in 2014, I started taking (technical) notes of everything I was learning in a OneNote notebook. Over the years, that OneNote notebook grew until it became a daily go-to point, and a sort of extension of my knowledge (since I tend not to rely on hard memory as much as I can).
This didn’t change when I started approaching the Cloud Security domain. So, for the past few years, I’ve been collecting information as I was getting accustomed to DevOps concepts, Docker, Kubernetes, and the main cloud providers (AWS, GCP, and Azure).
Now, I’ve decided to make these notes public for everyone to consult.
The Problem with OneNote
The main challenge, though, was due to the fact that OneNote wasn’t fit for the case anymore, as I wanted something that could be browsed without installing additional client applications (hence the need to be web based), and that could be reachable from anywhere on the internet.
On top of this, there was no easy way to export content from OneNote itself. So I decided to commit some time to make the migration to a more “modern” platform (namely mkdocs.org), de-facto having to manually port content from the unstructured OneNote into markdown. On this topic, I also have to thank @fianderlisa for massively helping in this migration.
The result is CloudSecDocs.com, a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand curated by myself. Additionally, I envision this website to integrate closely with CloudSecList, as every week I’ll add the more interesting articles back there.
If you are interested, you can go have a look at: CloudSecDocs.com.
The website is currently composed of 8 main sections (as shown in the table below), each containing my personal notes on that specific topic:
| Section | Contents |
|---|---|
| Containers | Docker & Kubernetes fundamentals, architecture, sample apps, usage |
| Container Security | Theory beyond Docker & Kubernetes security, Offensive security & Pentest resources, Devops resources (secure deployment, supply chain, monitoring, tooling, etc.) |
| Devops | SDLC, tooling, design & processes |
| AWS | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
| Azure | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
| GCP | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
| Kafka | Security & tooling |
| Culture & Engineering | Security programs, engineering decisions, organizational structures, management |
Call for Feedback
Most of all, I’m keen on getting feedback! If you find the information shared is useful, if something is missing, or if you have ideas on how to improve it, please let me know on Twitter @lancinimarco.