Josiah Bruner
LightNews LightNews
banner
josiahbruner.com
Josiah Bruner
@josiahbruner.com
33 followers 160 following 4 posts
Security engineer at jellyfish.co. Co-founder of riskytrees.com.

aka @JosiahBruner@ioc.exchange
Posts Replies Media Videos
josiahbruner.com
I've gotten so sick of debugging slightly invalid IAM policies in terraform code that I decided to write a provider that lets you automatically validate policies at planning time using AWS IAM policy validation APIs.

If this sounds interesting, check out: registry.terraform.io/providers/Jo...
Terraform Registry
registry.terraform.io
September 6, 2025 at 3:49 PM
josiahbruner.com
I decided to articulate some thoughts on where I think security engineering needs some maturing, after finally hitting a decade in the software industry: riskytrees.com/blog/when-security-engineering-is-neither-security-nor-engineering.
When Security Engineering is Neither Security, nor Engineering — RiskyTrees
Welcome, dear reader, to the first – and perhaps last – opinion-style blog post I will ever write. This post is intended for folks who take an interest in the security industry (which I’ve now been i...
riskytrees.com
June 11, 2025 at 8:47 PM
Reposted by Josiah Bruner
eff.org
EFF Statement on U.S. Supreme Court's Decision to Uphold TikTok Ban:
We are deeply disappointed that the Court failed to require the strict First Amendment scrutiny required in a case like this, which would’ve led to the inescapable conclusion that the government's desire to prevent potential future harm had to be rejected as infringing millions of Americans’ constitutionally protected free speech. We are disappointed to see the Court sweep past the undisputed content-based justification for the law – to control what speech Americans see and share with each other – and rule only based on the shaky data privacy concerns. The United States’ foreign foes easily can steal, scrape, or buy Americans’ data by countless other means. The ban or forced sale of one social media app will do virtually nothing to protect Americans' data privacy – only comprehensive consumer privacy legislation can achieve that goal. Shutting down communications platforms or forcing their reorganization based on concerns of foreign propaganda and anti-national manipulation is an eminently anti-democratic tactic, one that the US has previously condemned globally.
January 17, 2025 at 4:01 PM
josiahbruner.com
I had the privilege of working with Jellyfish's wonderful IT team to build a pretty slick approach for just-in-time, capability-based IAM access control scheme in AWS. If you're curious what that means or how it works, check out our blog post: jellyfish.co/blog/are-you...
“Are you still eating that?” (Access Control at Jellyfish) | Jellyfish Blog
Our customer’s security is paramount. Learn about Jellyfish's defences in our AWS environment and how we keep our customer data safe.
jellyfish.co
March 16, 2024 at 12:21 PM