
Building Cloud-Native Futures: A Journey into DevSecOps & Architecture
Welcome to My Engineering Blog

In the fast-paced world of Cloud Computing and DevOps, theory often diverges from reality. This space is dedicated to bridging that gap. I am Gustavo de Oliveira Ferreira, a Cloud & DevOps Engineer with a passion for designing secure, scalable, and resilient systems. Throughout my career, I’ve had the privilege of working on mission-critical projects for major organizations in the financial and healthcare sectors.

Why This Blog?

The goal of this platform is simple: to share “war stories” and architectural patterns forged in the fires of real-world enterprise environments. ...
Implementing Software Bill of Materials (SBOM) in Enterprise CI/CD Pipelines
A practical guide for implementing SBOM generation, artifact signing, and provenance tracking in enterprise environments, aligned with Executive Order 14028 requirements.

Introduction

Executive Order 14028 (May 2021) mandates that federal agencies and their software suppliers implement software supply chain security measures, including:

- Software Bill of Materials (SBOM) generation
- Artifact signing and provenance verification
- Secure software development practices

The urgency of these requirements was underscored by high-profile supply chain attacks:

- SolarWinds (2020): Compromised build system affected 18,000+ organizations including federal agencies
- Log4Shell (2021): CVE-2021-44228 exposed the challenge of identifying affected components across enterprise software portfolios
- Codecov (2021): CI/CD pipeline compromise demonstrated supply chain attack vectors

This article provides a hands-on implementation guide based on real-world enterprise deployments in healthcare, financial services, and telecommunications sectors. ...
Azure Landing Zone Architecture for Healthcare: HIPAA-Compliant Cloud Foundations
A comprehensive guide to deploying Azure Landing Zones with built-in HIPAA compliance, identity governance, and network segmentation for healthcare organizations.

Introduction

Healthcare organizations migrating to Azure face unique compliance challenges:

- HIPAA (Health Insurance Portability and Accountability Act) requirements
- PHI (Protected Health Information) data handling obligations
- BAA (Business Associate Agreement) contractual requirements
- HITRUST CSF certification considerations
- State-specific healthcare regulations (e.g., California CMIA, Texas HB 300)

This guide presents a Landing Zone architecture proven in Fortune 40 healthcare environments, incorporating Azure-native security controls mapped to HIPAA Technical Safeguards. ...
Kubernetes Security Baselines for Regulated Industries
Implementing Pod Security Standards, Network Policies, and Policy-as-Code for FedRAMP, NIST SP 800-53, and CMMC compliance in Kubernetes environments.

Introduction

Organizations operating Kubernetes clusters in regulated environments face complex compliance requirements:

- FedRAMP: Federal Risk and Authorization Management Program
- NIST SP 800-53: Security and Privacy Controls for Information Systems
- CMMC 2.0: Cybersecurity Maturity Model Certification for DoD contractors
- PCI DSS: Payment Card Industry Data Security Standard
- HIPAA: Health Insurance Portability and Accountability Act

This guide provides actionable security baselines based on production deployments in healthcare, financial services, and government-adjacent workloads. ...
Automating HIPAA Compliance with Infrastructure as Code on AWS
Introduction

In the healthcare sector, compliance with regulations like HIPAA (Health Insurance Portability and Accountability Act) is not just a legal requirement, but an ethical imperative. Ensuring the privacy and security of patient data is paramount. Cloud adoption, especially on AWS, offers agility and scalability but also makes compliance more complex to maintain. This is where Infrastructure as Code (IaC) becomes a powerful tool. This article explores how I utilized IaC, focusing on Terraform, to automate the implementation of security controls supporting HIPAA compliance in AWS environments, based on my experience with the Humana project. ...
Secure Software Supply Chain in the Financial Sector
Introduction

The financial sector is a prime target for cyberattacks, and software supply chain security became a critical concern following incidents like SolarWinds. Ensuring the integrity and provenance of the software we use and deliver is fundamental. My experience at major financial institutions like Serasa Experian and Banco Bradesco provided insights into how DevSecOps practices, specifically Software Bill of Materials (SBOM) Generation and Artifact Signing, are crucial for building a more resilient software supply chain. ...
Container Orchestration with Azure Red Hat OpenShift (ARO) for Banking
Introduction

The banking sector demands infrastructure that is robust, scalable, and above all, secure. At Banco Bradesco, we faced the challenge of orchestrating thousands of containers efficiently and securely while ensuring high availability and regulatory compliance. Our solution was to implement Azure Red Hat OpenShift (ARO). This article explores our journey with ARO, the benefits it brought to the banking environment, and how GitOps was crucial for the success of large-scale orchestration. ...