SSH daemon hardening and key-based access only

SSH hardening is basic but still worth doing carefully. I disable password auth, restrict root login, and pair strong settings with operational practices like host key monitoring and per-user key lifecycle management. Security without maintainability

Kubernetes RBAC roles with least privilege service accounts

I avoid handing broad cluster access to workloads just because it is convenient during setup. Service accounts should have the minimum verbs and resources needed for the job, nothing more. Over-permissioned cluster identities make post-exploitation mu

Kubernetes NetworkPolicy for namespace-level traffic control

Flat cluster networking is convenient right up until an attacker lands in one pod. I define NetworkPolicy resources early so east-west communication is explicit, reviewable, and least-privilege by default. This makes later incident containment far mor

Trivy image scanning in pull request pipelines

I scan container images before they ever reach a registry promotion step. Trivy gives quick visibility into OS packages, language dependencies, and misconfiguration issues in IaC. The important part is failing only on risk that the team is prepared to

Dockerfile hardening for smaller safer containers

Container security starts with the image build. I use small trusted bases, non-root users, explicit file ownership, and multi-stage builds that leave tooling behind. The fewer packages and privileges in the final image, the less there is to exploit.

Dependency vulnerability scanning for Ruby and Node projects

Known vulnerable dependencies are one of the easiest attack paths to close. I scan lockfiles in CI, fail builds on high-severity issues that have fixes, and document exceptions tightly. The goal is not zero alerts at any cost; the goal is fast visibil

Static application security testing with Semgrep in CI

SAST is most useful when rules are actionable and fit the stack. I use Semgrep to catch dangerous patterns like command injection, weak crypto, SSRF sinks, and raw SQL interpolation. The signal stays high when teams tune rules and suppressions deliber

Git secret scanning with pre-commit hooks

I want secret leakage blocked before it reaches a remote repository. Local pre-commit hooks are not enough by themselves, but they cut down accidental exposure and teach the team what not to commit. The server-side or CI scan then becomes the final ga

Secrets management with environment isolation and Vault

The rule is simple: secrets should not live in source control, logs, or chat transcripts. I keep local development ergonomic with env files that never leave the machine, and I use a real secret manager in shared environments. Retrieval should be audit

Parameterized queries in Python with psycopg

Even outside ORMs, parameterized database access needs to be the default habit. The query string should describe structure while the driver binds user values separately. That sounds basic, but it is still where too many internal tools quietly fail sec

Session cookie hardening for browser-based authentication

Sessions are fine when they are treated like security-sensitive state. I set HttpOnly, Secure, and SameSite deliberately, rotate session identifiers after login, and keep idle timeout separate from absolute timeout. Weak cookie settings are still a co

Core HTTP security headers at the reverse proxy layer

I like setting baseline browser hardening headers at the proxy so every app behind it benefits. HSTS, clickjacking protection, MIME sniffing prevention, and sane referrer policy are cheap wins. The only caveat is making sure the settings match real de