Lightspin Blog | Jonathan Rau

Jonathan Rau

Jonathan is the new Chief Information Security Officer, joining us from IHS Markit, a global information services company, where he ran Cloud & Offensive Security and created a security data graph project with his team. Jonathan has held roles at AWS, NBCUniversal, Blue Cross/Blue Shield and is a US Army veteran. Outside of work Jonathan works on his blog, open source projects, spends time with his 2 daughters and practices home cooking, research in military histories of the world, and travels around the East Coast of the US.

Cloud Security
What Is Graph Technology? What Can It Do?
Graph technology can help examine your data from a new perspective; find out how graph technology may find previously unseen relationships in your data.

— Read more ▸
Cloud Security

Research
Azure Cloud Shell Command Injection Stealing User’s Access Tokens
This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

— Read more ▸
Cloud Security
What is Agentless Scanning & Do I Need It?
Agentless scanning is an important security tool. We discuss how agentless scanning works, how it differs from agent-based scanning, and whether you need both.

— Read more ▸
Cloud Security

DevSecOps

Research
The guide to analyzing Kubernetes runtime detection alerts using Amazon Athena
Lightspin created a public repository with common use cases to simulate unusual/malicious activities within the Kubernetes cluster.

— Read more ▸
Cloud Security
What is SOC2 Compliance?
Cloud security is an ongoing requirement for all organizations born and built in the cloud. One way to probably demonstrate security controls is with a SOC 2 report.

— Read more ▸
Democratizing cloud security: introducing our FREE plan
Introducing our self-serve Free plan, and a jam-packed Premium offering. We’ve removed the guesswork from the traditional software buying process.

— Read more ▸
DevSecOps
What is DevSecOps? How Does It Work & What Are the Benefits?
Curious about DevSecOps? We explain what DevSecOps is, how it works, and how integrating security throughout development helps create more secure systems.

— Read more ▸
Research
The Complete Guide to AWS KMS
The Complete Guide to AWS KMS. AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys used to protect ...

— Read more ▸
DevSecOps
What Is the Principle of Least Privilege & Why Does It Matter?
The Principle of Least Privilege can improve the security of your system. Learn what Principle of Least Privilege is, how it works, and best practices.

— Read more ▸
DevSecOps
What Is CI/CD Security & Why Does It Matter?
Wondering about CI/CD security? We explain why CI/CD security is essential, how it works, the tools you need, and best practices to overcome the challenges.

— Read more ▸