Adam Pietrzycki

The TeamPCP Supply Chain Attack

Thu, 26 Mar 2026 00:00:00 +0000

Wiz Cloud Security Championship

Mon, 01 Dec 2025 00:00:00 +0000

Leaderboard

May 2026: Glass House

We open-sourced the platform powering this CTF. What could go wrong?

April 2026: Split Horizon

Investigate a restricted Kubernetes lab and reach an isolated workload.

March 2026: Happy Birthday

Celebrate S3’s 20th birthday by finding the hidden present.

February 2026: Trust Issues

Investigate a breach and uncover how company data was exfiltrated.

Datadog State of Cloud Security 2025 - Fact 4

Wed, 08 Oct 2025 00:00:00 +0000

Preventing secret leaks in Docker Images

Sat, 05 Apr 2025 10:48:48 +0100

Over the years, I’ve seen multiple teams get caught out by their approach to using Docker Images. There are quite a few quirks to dockerfiles that don’t entirely make sense initially, especially around layers and how you can chain certain things together to build more efficient images. This does occasionally also mean that secrets end up in the built images, which is not great.

COPY

The primary culprit of things existing in Docker Images that have no business being there is the use of COPY . /app. It’s less of an issue with multi-stage builds, but from what I’ve seen around Python and Node images, people seem to use a single stage. Without a .dockerignore file, many hidden files and directories will be copied to the image; which can lead to things like .env and .git being accessible if the app or web server have been mis-configured.

Dockerfile ONBUILD for customisable images

Sun, 16 Feb 2025 20:13:34 +0000

Over the past couple of weeks, I’ve been working on building new base images for teams to use for their services. I designed these images to be small, yet include commonly used tools, and to ensure they remain patched and up-to-date.

One of those tools is Poetry, which recently had a major version of release as I was working on the images. At first I included multiple versions of Poetry in the matrix, but as I added more things to the matrix, the number of images grew quickly.

Things I have automated at work

Sat, 15 Feb 2025 14:13:28 +0100

Reviewing firewall rules across AWS, GCP and Azure

Tools: AWS CDK, Wiz, AWS, Google Drive, Slack

Languages: TypeScript, Python

To ensure SOC 2 compliance, we conduct multiple firewall reviews throughout the year. Automation has increased the frequency of these reviews and reduced the time required from a full day to a maximum of one hour.

Wiz exports firewall rules from AWS, GCP, and Azure to AWS S3. Lambdas process the raw file and compare it with previous reports to generate a diff of rules, writing back to S3. A different lambda copies that file to Google Drive for easy collaboration.

CV

Mon, 01 Jan 0001 00:00:00 +0000

Please send me an email at adam[@]pietrzycki[.]com if you would like the pdf version of my CV

Profile

DevSecOps professional with a background in SRE, DevOps, and Cloud Security. Experienced in developing secure and resilient systems at scale, implementing preventative security measures and responsive threat mitigation strategies across enterprise environments. I take part in conferences and tech meetups to build professional connections and stay current with AWS, Kubernetes, serverless architectures, and emerging security challenges.

Git

Mon, 01 Jan 0001 00:00:00 +0000

Photography

Mon, 01 Jan 0001 00:00:00 +0000

Adam Pietrzycki

The TeamPCP Supply Chain Attack

Wiz Cloud Security Championship

May 2026: Glass House

April 2026: Split Horizon

March 2026: Happy Birthday

February 2026: Trust Issues

Datadog State of Cloud Security 2025 - Fact 4

Preventing secret leaks in Docker Images

COPY

Dockerfile ONBUILD for customisable images

Things I have automated at work

Reviewing firewall rules across AWS, GCP and Azure

CV

Profile

Git

LinkedIn

Photography