Jerrad Dahlager
@nineliveszerotrust.com
Cloud Security Architect | Adjunct Instructor | Writing about cloud security for the curious 🐱 | CISSP | CCSP | MN Sports ⚾ | nineliveszerotrust.com
Service principals can't activate PIM roles. AI agents and CI/CD pipelines get standing privilege 24/7 for tasks that take minutes.
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
January 30, 2026 at 2:36 PM
Service principals can't activate PIM roles. AI agents and CI/CD pipelines get standing privilege 24/7 for tasks that take minutes.
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
New post: Building a serverless edge prompt filter for LLM security
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
January 13, 2026 at 4:27 PM
New post: Building a serverless edge prompt filter for LLM security
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
Microsoft’s Sentinel MCP Server went GA. Sentinel logs contain attacker-influenced fields. When AI processes this data, prompt injection becomes possible.
Walkthrough on setup, attack vectors, and hardening below.
nineliveszerotrust.com/blog/sentine...
#MicrosoftSentinel #AISecurity #MCP
Walkthrough on setup, attack vectors, and hardening below.
nineliveszerotrust.com/blog/sentine...
#MicrosoftSentinel #AISecurity #MCP
Sentinel MCP Server: Securing Your SOC's New AI Attack Surface
Microsoft's Sentinel MCP Server lets AI agents query your security data lake. Here's what that means for your attack surface, and how to lock it down.
nineliveszerotrust.com
January 10, 2026 at 8:33 PM
Microsoft’s Sentinel MCP Server went GA. Sentinel logs contain attacker-influenced fields. When AI processes this data, prompt injection becomes possible.
Walkthrough on setup, attack vectors, and hardening below.
nineliveszerotrust.com/blog/sentine...
#MicrosoftSentinel #AISecurity #MCP
Walkthrough on setup, attack vectors, and hardening below.
nineliveszerotrust.com/blog/sentine...
#MicrosoftSentinel #AISecurity #MCP
No keys to rotate. No secrets to leak.
New post: Container supply chain security with GitHub Actions - vuln scanning, SBOM generation, keyless signing, and SLSA provenance.
Stack: Trivy, Syft, Cosign + Sigstore.
Blog + repo:
nineliveszerotrust.com/blog/contain...
#DevSecOps #infosec
New post: Container supply chain security with GitHub Actions - vuln scanning, SBOM generation, keyless signing, and SLSA provenance.
Stack: Trivy, Syft, Cosign + Sigstore.
Blog + repo:
nineliveszerotrust.com/blog/contain...
#DevSecOps #infosec
Secure Your Container Supply Chain: SBOM, Signing & Attestation with GitHub Actions
Build a keyless container pipeline with vulnerability scanning, SBOM generation, signing, and build provenance - no long-lived secrets required. Complete GitHub Actions workflow included.
nineliveszerotrust.com
January 2, 2026 at 10:32 PM
No keys to rotate. No secrets to leak.
New post: Container supply chain security with GitHub Actions - vuln scanning, SBOM generation, keyless signing, and SLSA provenance.
Stack: Trivy, Syft, Cosign + Sigstore.
Blog + repo:
nineliveszerotrust.com/blog/contain...
#DevSecOps #infosec
New post: Container supply chain security with GitHub Actions - vuln scanning, SBOM generation, keyless signing, and SLSA provenance.
Stack: Trivy, Syft, Cosign + Sigstore.
Blog + repo:
nineliveszerotrust.com/blog/contain...
#DevSecOps #infosec
A common Terraform misconception: sensitive redacts output, not state.
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
December 27, 2025 at 2:22 AM
A common Terraform misconception: sensitive redacts output, not state.
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
First post! Glad to be here on Bluesky.
Nine Lives, Zero Trust is live. 🚀
I write about cloud security & the stuff that keeps defenders up at night.
Three cats taught me nothing should be trusted, especially at 3 AM.
nineliveszerotrust.com
#CloudSecurity #InfoSec #ZeroTrust #DevSecOps
Nine Lives, Zero Trust is live. 🚀
I write about cloud security & the stuff that keeps defenders up at night.
Three cats taught me nothing should be trusted, especially at 3 AM.
nineliveszerotrust.com
#CloudSecurity #InfoSec #ZeroTrust #DevSecOps
Nine Lives, Zero Trust
A cloud security blog about systems, resilience, and always landing on your feet. By Jerrad Dahlager.
nineliveszerotrust.com
December 24, 2025 at 5:17 AM
First post! Glad to be here on Bluesky.
Nine Lives, Zero Trust is live. 🚀
I write about cloud security & the stuff that keeps defenders up at night.
Three cats taught me nothing should be trusted, especially at 3 AM.
nineliveszerotrust.com
#CloudSecurity #InfoSec #ZeroTrust #DevSecOps
Nine Lives, Zero Trust is live. 🚀
I write about cloud security & the stuff that keeps defenders up at night.
Three cats taught me nothing should be trusted, especially at 3 AM.
nineliveszerotrust.com
#CloudSecurity #InfoSec #ZeroTrust #DevSecOps