DevSecOps on CybersecurityOS

Threat Modeling in Plain English: A Guide for Engineering Teams

Sun, 31 May 2026 00:00:00 +0000

Most engineering teams know they should be doing threat modeling.

Very few actually do it — and the ones who try often produce a document that gets filed away and never looked at again.

The problem isn’t motivation. It’s that almost every guide to threat modeling is written for security teams, not engineering teams. The language is wrong. The framing is wrong. The process feels like a compliance exercise instead of something that makes the software actually harder to attack.

SPECTRA: AI-Powered Vulnerability Triage That Actually Works for Security Teams

Sun, 10 May 2026 00:00:00 +0000

Security teams are not losing the fight because of bad tools. They’re losing it because of volume.

In 2025, 131 new CVEs were disclosed every single day — up from 113 per day the year prior. Meanwhile, the global cybersecurity workforce gap has reached 4.8 million unfilled positions, and budget cuts — not lack of talent — are now the primary driver of security team understaffing. The signal is buried in the noise, and analysts spend more hours normalizing scanner outputs and writing summaries than actually remediating risk.

Building a Secure DevSecOps Pipeline: Deploying to Amazon ECR with GitHub Actions and Trivy

Tue, 03 Dec 2024 00:00:00 +0000

In today’s rapidly evolving tech landscape, incorporating security into every step of the development lifecycle is essential. DevSecOps ensures that security is baked into the process, not bolted on afterward.

This blog post will walk you through setting up a secure CI/CD pipeline to deploy a container image to Amazon Elastic Container Registry (ECR) using GitHub Actions, with vulnerability scanning using Trivy.

By the end of this guide, you’ll have a secure, automated workflow that builds, scans, and pushes your container images to ECR.

Turbocharge Your Container Security with NVIDIA's NIM Agent Blueprint

Thu, 17 Oct 2024 23:29:07 -0500

Let’s be real—cybersecurity is getting crazier by the day. The number of vulnerabilities out there is skyrocketing, and keeping up with them is like playing whack-a-mole on expert level. By the end of 2023, the CVE database was pushing past 200K reported vulnerabilities. Now, imagine trying to sift through hundreds of data points just to assess a single container for risks. Yeah, no thanks.

But here’s the good news: NVIDIA’s cooking up something that’ll make your life a whole lot easier—and faster. The NIM Agent Blueprint is an AI-driven, GPU-powered answer to container security woes, turning the days-long process of vulnerability analysis into a matter of seconds. Seconds! That’s the kind of efficiency every security team needs in their arsenal.

The Power of AI in DevSecOps: Building Secure Applications Faster

Wed, 25 Sep 2024 23:29:07 -0500

As artificial intelligence (AI) rapidly advances, its profound implications for these practices offer unprecedented opportunities to further strengthen our security posture and streamline processes.

In this post I will focus on the transformative integration of DevSecOps and how the shift-left philosophy has fundamentally enhanced how organizations approach security throughout the software development lifecycle.

Understanding DevSecOps and Shifting Left

DevSecOps integrates security practices within the DevOps process, ensuring that security is a shared responsibility throughout the software development lifecycle.