CloudSLAW Monthly: Fan Fusion Edition

As summer begins it's time to get your Stormtrooper suit on!

Since everyone runs through the labs at their own pace, I like to send out a short monthly update to share news, bring the community together, and sync up on the big picture.

Ah summer! The kids are off of school, the weather is… intolerable (I live in Phoenix — let’s just say we try to travel a lot), and the streets are filled with… cosplay?

It won’t surprise any of you to learn that I’m a bit nerdy, and this has rubbed off on my kids. Every year the timing works out, and Phoenix Fan Fusion (don’t say Comic-Con or you get sued by San Diego) kicks off right when the kids get out of school. Three days of panels, cosplay, shopping, quidditch (think dodgeball + basketball with a fake broom… it’s really pretty fun) and general amusement.

But what might surprise you is that we take our cosplay a little too seriously. About 7 years ago I joined the 501st Legion after building a screen-accurate stormtrooper uniform. What’s the 501st? It’s a Disney-approved charity group that uses cosplay to raise money for various children’s charities. Think Shriners, but instead of riding little cars, we dress up like stormtroopers and Darth Vader.

I’ve always been a huge Star Wars nerd but for a long time I was too intimidated to try building a screen-accurate costume. First you need to find the plastic (there are various versions available once you start looking), then cut it out, size it, piece it together, and get all the little details correct so it’s up to film quality. I learned four things in the process:

  • Learning new skills isn’t all that bad once you start and take the time to work the process. Whether that’s flying an airplane, building stormtrooper armor, or learning cloud security.

  • “Screen accurate” costumes are really pretty sloppy. Think about it — they have budgets and tight timelines. But when someone sees me they see a stormtrooper, not the sloppy hand-painted details. The big picture ties the small parts together.

  • There are very few mistakes you can’t fix by just undoing them and starting over. Worst case, buy a new part.

  • There’s always the next skill to learn.

But most important of all: there’s no better way to learn than to just do!

I had no idea how to build a stormtrooper, until I just did it. Then I built my daughter a from-scratch Sabine Wren costume, even though there weren’t any instructions. This month I learned how to convert my now-yellow (ugh, plastic) stormtrooper into a sandtrooper. Every single time it was intimidating, and every single time I just worked the problem slowly, step by step, hands-on, and built the skills.

Huh. Maybe there’s a message here.

CloudSLAW Plans and News

First the bad news: our Azure version is delayed. I’ll keep everyone updated; I’d still like to do it, but it definitely won’t be this summer.

We are nearly done with our basic org rollout, so for the rest of the summer I plan to focus on three major topics:

  • More IAM. We should be able to get all the foundational IAM content finished, and start moving into the intermediate level.

  • Networking. Can you believe we are nearly 6 months in, and we haven’t touched a network or a virtual machine? It’s time to get that going.

  • Workloads. Specifically instances, which is the AWS name for virtual machines. Workloads and networks run hand in hand, and we will learn some very cool cloud-native things.

My hope is to keep up my weekly cadence through the summer, but I reserve the right to miss a week if I’m off doing something with the family. At our current pace I think we will have a good first pass at building basic secure application stacks before the end of the year.

And, as always, feel free to hit me up with any questions or lesson suggestions at [email protected]. I’ve already made changes based on feedback.

I consume a ton of security content on a weekly basis.

  • First a link on that new Windows Recall feature (thanks to Vulnerable U by Matt Johansen for the link). Kevin Beaumont does a great job explaining how this undermines your personal and professional security. Glad I’m on Macs!

  • This is an advanced topic, but Rami has a great post on discovering a massive AWS-related data leak. He tried everything he could think of to get it shut down before he exposed it, but no luck. This highlights two things:

    • Don’t make things public in cloud!

    • Always have a way for someone to contact your organization if you have a security issue. Had they simply been monitoring security@, this could have been fixed before becoming public.

  • One more newsletter for you! AWS Cloud Security Weekly does a great job of summarizing AWS-specific security news. There’s a TL;DR section to skim, followed by a 3-5 minute read with more detail.

From the CloudSLAW Community

No big questions this month (I lied — just found one I missed in email, so I’ll get back to you soon) but Steve has been making AI artwork based on some of my lab jokes. Here’s my favorite: “What AI comes up with for ‘ChatGPT sitting in the corner, conspiring with a cat’”.

Corrections

  • A couple typos, but no technical corrections this month!

My Other Work and Upcoming Training

Here are the highlights:

Thank you everyone, and please keep the feedback coming!
