I've been doing a lot of writing recently.

Not blog writing, of course, but writing for work.

Security and cloud topics being what they are, reading paragraph after paragraph can get a bit much.

I try to break things up with external references, and the occasional images and videos.

This week I tried to add something trivially simple - a generated diagram. Little did I know how much of a yak shaving exercise that would turn out to be.

I've been occasionally called upon to do more offensive security work.

Traditionally, the basic toolset would be Kali Linux in a virtual machine.

However, a few years ago it become possible to run it directly in Windows under WSL2, as a much neater and quicker approach.

Later, for an even lighter solution, Docker images of Kali became available.

Earlier this year, Apple released native containerisation support in MacOS, and running Kali containers on Macs becames an intriguing option.

Late last year I saw an unexpected UX failure when adding a new Microsoft Authenticator app as the MFA method. It appears that a few months later the issue still persists.

I've recently been running a few Kubernetes lab scenarios in Azure.

Usually I try to set such things up via Azure Powershell.

However this has been a learning experience of the feature disparity between Azure Powershell and Azure CLI.

I've recently come across "The Good Parts of AWS" by Daniel Vassallo and Josh Pschorr.

It's an enjoyable read and quite handy for the right audience, but some readers may want more.

Following on from the last few posts on Microsoft certifications, there are now several practical, hands-on alternative learning options in the new Applied Skills series.

Earlier this year Splunk launched a new Cybersecurity Defense Analyst certification, with more emphasis on Cybersecurity content, not only Splunk knowledge. This month the certification is out of the beta, and results are public. Most of the study material is freely available and the exam is inexpensive, making this potentially an attractive certification to have.

Following on from an earlier post, this post covers the Azure area of Microsoft certifications and how they may be of relevance from a security perspective.

Following on from an earlier post, this post covers the Security and Compliance area of Microsoft certifications and how they may be of relevance from a security perspective.

Following on from an earlier post, this post covers the MS365 area of Microsoft certifications and how they may be of relevance from a security perspective.