Skip to main content
HashnodeCloudSecBurritoCloudSecBurrito

Command Palette

Search for a command to run...

About

About CloudSecBurrito

Why a Burrito?

Because layered security is delicious when done right.

So much cloud security content feels like eating a burrito bowl with white rice and canned pinto beans — technically nourishing, but not exactly satisfying.

CloudSecBurrito is my way to add a little humor with some practical content. Less checkbox, more control. Less hype, more hands-on. One layer at a time.

Let’s walk through a sample burrito — just one example of a security stack.

California Kubernetes Runtime Security

The Carne: Runtime Enforcement

  • KubeArmor enforcing syscalls

  • Falco detecting shell launches

  • AppArmor policies in pods

The Fries: Kubernetes-Native Tools

  • Admission control

  • PodSecurity standards

  • GitOps for policy delivery

The Pico de Gallo: Detection Engineering

  • Reverse shell signals

  • MITRE ATT&CK mapping

  • Real-world tactics, not just CVEs

The Guac and Sour Cream: Optional Extras

  • Commercial overlays (👀 CSPM, CNAPP, etc.)

Like any good burrito, this site isn’t about perfection — just getting it to hold together. Sometimes the salsa runs hot, sometimes the tortilla breaks, but the goal is always the same: help make sense of cloud security, one practical layer at a time.

CloudSecBurrito is here to deliver something a little more satisfying. Pull up a chair. Let’s dig in.

About Me

I’m an SE who wanted to go beyond the burrito bowl blog posts.

This site is my ongoing lab notebook — full of runtime experiments, open source tools, and real-world security stories. It’s part research, part rant, part recipe.

When I’m not building policies or breaking containers, I’m probably destroying lumber in my makeshift workshop or mixing anything with gin.