I like to travel, explore and admire new environments. Similarly, in my day-to-day job, I want to explore new technologies, look at architectural challenges with the solutions I design, and help engineers.

Exploring is my second nature; it’s my curiosity and desire to learn – experience new things. With Cloud Computing, many developments happen daily, including new services, updates, and learnings. I like that, and with my role at InfoQ, I can cover these developments through news stories. Moreover, in my day job, I deal with cloud computing daily, specifically Microsoft Azure and integrating systems through Integration Services.

Exams

An area that got my attention this year was governance and security.  I wrote two blogs this year – a blog on secret management in the cloud and one titled a high-level view of governance. In addition, I started exploring resources from Microsoft on Governance and Security on their learning platform. And recently, I planned to prepare for some certifications for that matter with:

• Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals
• Exam AZ-500: Microsoft Azure Security Technologies
• Exam SC-100: Microsoft Cybersecurity Architect

I passed the first, and the other two are scheduled for Q1 in 2023.

The goal of preparing for the exams is learning more about security, as its an important aspect when designing integration solutions in Azure.

Source: https://learn.microsoft.com/en-us/azure/architecture/framework/security/overview

Another good source is the well-architected framework: Security Pillar.

New Items

The dominant three public cloud providers, Microsoft, AWS, and Google, provide services and guidance on security on their platforms. As a cloud editor at InfoQ, I sometimes cover stories on their products, open-source initiatives, and architecture. Here’s a list of security and governance-related news items I wrote in 2022:

• Microsoft Releases Azure Payment HSM in Public Preview for the Payment Card Industry
• New CodeGuru Reviewer Features Detector Library and Security Detectors for Log-Injection Flaws
• Improve Access Control of Google Cloud SQL with IAM Conditions and Tags
• Orchestrate Operations, Validations, and Approvals on Data Entities with Azure Purview Workflows
• Microsoft Brings Private Link Support in Preview to Azure API Management
• Microsoft Rebrands its Data Governance Service to Microsoft Purview
• Google Cloud Announces Advanced API Security through Apigee
• New Microsoft Defender Products: Threat Intelligence and External Attack Surface Management
• Virtual Machine Threat Detection in Google Security Command Center Now Generally Available
• AWS Announces Preview Release of Amazon Security Lake
• AWS Key Management Service Now Supports External Key Stores
• AWSGoat Open-Source Project for Pen Testing AWS Cloud Solutions (there’s also an AzureGoat)

Source: https://github.com/ine-labs/AzureGoat#module-1

Books

Next to writing news items, my day-to-day job, traveling, and sometimes running, I read books. The security-related books I read and am reading are:

• Mastering Azure Security: Keeping your Microsoft Azure workloads safe, 2nd Edition by Mustafa Toroman and Tom Janetscheck. The book introduces different areas, from identity to network security. In addition, there’s a GitHub repo containing code.
• And a book Manning Publications pointed out to me called Azure Security, a Manning Early Access Program (MEAP) book by Bojan Magusic.

Another one I might get is a recent book published by APress titled: Azure Security For Critical Workloads: Implementing Modern Security Controls for Authentication, Authorization, and Auditing by Sagar Lad.

Microsoft Valuable Professional Security

Another thing I recently learned is that there is a new award category within the MVP program: Azure Security. The focus for this area lies on contributions in:

• Cloud Security in general on Azure, think about Microsoft Azure services like Key Vault, Firewall, Policy, and concepts like Zero Trust Model and Defense in Depth.
• Identity & Access, including management, hence Azure Active Directory (AAD) or, in general, Microsoft Entra.
• Security Information and Event Management (SIEM) & Extended Detection and Response (XDR) – think about Microsoft’s product Sentinel.

Lastly, I am looking forward to 2023, which will bring me new challenges, destinations to travel to, and hopefully, success in passing the exams I have lined up for myself.