ZopDev writing tagged security. Engineering and FinOps notes, post-mortems, and benchmarks.
A platform team starts a security review for a cost-optimization vendor. The vendor's onboarding doc asks for a CloudFormation template that creates a role with "to ensure all features work." The…
The read-only MCP server work shipped clean. AI agents could read tags, search logs, query costs, walk topology. Operators saved hours per incident. The next question was obvious: which writes can…
The average time to remediate an IAM misconfiguration in ticket-driven teams is 14 days. The fix takes 4 minutes. The DERA loop — Detect, Evaluate, Remediate, Audit — closes the gap automatically. Here's the full AWS architecture.
Most cloud governance platforms have a blind spot. They enforce access controls on your infrastructure but leave their own control plane wide open. Here's how to fix it with graduated RBAC.
Most teams running shared Kubernetes clusters believe they have isolation. They have namespaces. It feels like separation. It is not. Here's how to configure actual multi-tenancy.
One post a week. Sundays. No "10 ways to think about cloud" listicles, just the engineering and FinOps notes we'd want to read.
See. Find. Fix. Automatic.
Connect your first cloud account in under 5 minutes. See your first remediation in under 7. No credit card required.