Thomas Segura

I'm a senior technical writer with a strong background in cybersecurity and software engineering. I write developer-focused content that explores trade-offs, challenges assumptions, and helps teams make informed security decisions.

Read my work
Book — 2024
Crafting Secure Software book cover

Crafting Secure Software: An engineering leader's guide to security by design

with Greg Bulmash · 2024

How and why modern software systems are targeted by malicious actors — and practical, design-first approaches to building more resilient applications.

View on Amazon →
Featured
Docker Security Best Practices — cheat sheet includedFeatured on blog.gitguardian.com
English articles
OIDC for Developers: Reasons Your Auth Integration Could Be Brokenblog.gitguardian.com Secure GitOps Workflows: A Practical Guide to Secrets Managementinfisical.com From Implicit to Explicit: Why code signing is the missing link in DevSecOpssignpath.io Your Client Requires NIS2 Vulnerability Patching. Now What?aikido.dev Container Isolation is Not Safetycontainerjournal.com What 30 Years of Linux Taught the Software Industrydevops.com Everything you Need to Know About Terraform's Ephemeral Resourcesinfisical.com Scanning Docker for Secretsinfosecurity-magazine.com Hackers love GitHub dorks — SecOps love outsmarting themtheregister.com Shifting Left with Precommit Hooksinfosecurity-magazine.com Security Predictions 2022: The good, the bad and the uglyhelpnetsecurity.com How Secrets Lurking in Source Code Lead to High-Profile Cyberattacksthehackernews.com The Truth About False Positives in Security Toolsthehackernews.com Detect Hardcoded Secrets with GitGuardiancircleci.com 8 Easy Steps to Set Up Multiple GitHub Accounts — cheat sheet includedblog.gitguardian.com 10 Rules for Better Cloud Securityblog.gitguardian.com How Software Supply Chain Security is Evolvingthehackernews.com Infrastructure-as-Code Security: A Critical Responsibilitycyberdefensemagazine.com You Don't Know Where Your Secrets Arethehackernews.com GitHub Actions Security Best Practices — cheat sheet includedblog.gitguardian.com The Secret Vulnerability Finance Execs Can't Afford to Ignorethehackernews.com The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunitythehackernews.com Why CISOs Absolutely Must Take Authentication Secrets Much More Seriouslylastwatchdog.com Are Source Code Leaks the New Threat?thehackernews.com Why Honeytokens Are the Future of Intrusion Detectionthehackernews.com CI/CD Risks: Protecting Your Software Development Pipelinesthehackernews.com The Secret Weakness Execs Are Overlooking: Non-Human Identitiesthehackernews.com
French articles
Conteneurs : isolement n'est pas synonyme de sécuritéjournaldunet.com 10 règles pour une meilleure sécurité du cloudjournaldunet.com Eric Fourrier, CTO & co-fondateur de GitGuardiancybermagazine.com Le code a-t-il fuité ?maddyness.com DevOps : les informations d'identification codées en durzdnet.fr Développement logiciel et cybersécuritésolutions-numeriques.com Comment les secrets cachés dans le code source conduisent à des cyberattaquessolutions-numeriques.com Développement logiciel sécurisé : les 10 meilleures pratiquessilicon.fr L'Art de Protéger les Secretssolutions-numeriques.com Leçons de la cyber attaque XZ Utilsinformatiquenews.fr Secrets dévoilés : pourquoi les RSSI devraient s'inquiéter de Slackjournaldunet.com Préoccupations de sécurité de GitHub Copilotitsocial.fr AppSec : gestion des secretssilicon.fr