Welcome!

Hi! Welcome to my digital garden. My name is Andy Tinkham and this is where I learn in public.

About Me

I'm a Gen X guy living in the suburbs of Minneapolis with my wife and our cat. I work as the Security Architect for Cyberark's Conjur product. Around this site, you'll probably (eventually) find ideas and thoughts across the following areas:

• Application Security
• Identity Management
• DevOps - things like Kubernetes and cloud services
• PKM and Knowledge Management
• Science Fiction and Fantasy
• Logic Puzzles
• Beverages (both alcoholic and not)
• Science
• Art

Past interests that might make a come back include Photography and Board games

My main social media presence these days is on Mastodon. I don't post much but I do boost and occasionally post. If you want to find me there, I'm at:

• @andytinkham@infosec.exchange (mostly professional stuff)
• @andy@pkm.social (knowledge management & PKM)
• @andytinkham@wandering.shop (the social stuff)
• @andytinkham@rls.social (very quiet - leadership stuff)
• @andy@social.oddly-influenced.dev (very, very quiet)

I'm on Github and LinkedIn.

There are a few things I believe strongly - I am not open to debating someone else's right to exist, to choose how they present themselves to the world, to choose who they love, or viewing people as less than others.

• All people are equal
• Black lives matter
• Trans rights are human rights
• Women's rights are human rights and they are in charge of their own bodies
• Love is Love is Love
• Science is real
• Immigrants make America great
• Diversity is highly desirable, Inclusion is highly necessary
• I stand for disability rights to enable everyone to be able to fully participate in society

Topics on My Mind Recently

• Restore Application Icons
• Secure Coding in Go
• Secure Coding in Ruby
• Secure Coding
• OWASP Top 10 Web Application Security Risks 2021
• OWASP Top 10
• OWASP API Security Top Ten 2019
• OWASP Kubernetes Top 10 2022
• Application Security
• Code of Conduct

Using this site

I subscribe to the principles laid out in swyx's "Digital Garden Terms of Service". Specifically that means:

• I WILL be wrong in pages on this site. Pages WILL be incomplete. This site will always be a work in progress as I will always be learning as long as I'm around to update this site. Additionally, each page has the ability for comments to be posted so that visitors to the site can help me learn in public. Those comments may sometimes be wrong too. We're all learning here and that shouldn't be counted against me or anyone using this site. Everything here will be updated and revised as I learn new things about the topics I discuss.
• You are highly encouraged to leave comments on pages. Constructively criticize my ideas, suggest gaps in my knowledge (and how I might close them), correct or build on ideas I've put in the pages. We all know different things, and part of the point of this site is to learn together to capitalize on those differences. I will read and consider each comment in good faith and appreciation of the gift of your time and knowledge. I don't guarantee to agree with every comment, but I won't remove comments just because I disagree with them. I also don't promise to respond to every comment. Commenters agree to abide by the Code of Conduct
• Hate speech is not allowed anywhere on this site. I will remove comments that contain attacks on people, are spam, or otherwise fail to meet this site's Code of Conduct.
• With that said, I don't expect feedback on anything here. The main goal of this site is to document and organize my learning. If no one ever comments, it'll still achieve that purpose and I won't let that discourage me.
• I retain copyright to all the content in these pages except for comments posted by others who own the copyright on their content. You may quote anything you find here with attribution and a link back. Don't plagiarize this site - the point here is to learn and plagiarism short circuits that process.
• I won't publish material meant to be private. That includes private conversations where I don't have permission of the other participants.
• I will comply with this site's Code of Conduct in everything I post. Additionally, I will be sensitive to the feelings of others if I ever express negative opinions about someone else's work. I will treat others as they want to be treated.
• I will be cognizant of my biases in what I post.
• I won't knowingly post misleading material - everything I write here will be a true representation of my thoughts at the time of writing even if it is factually wrong.
• To offset the likelihood and impact of places where I'm wrong, I'll include data on each page to indicate my level of experience in an area as I write the page, my degree of confidence in the ideas expressed on that page, and date stamps for both when I created the page and when I last modified it. (as originated by Devon Suegel via swyx)
• I will link my sources both to give credit for the ideas and work of others, and to allow further exploration if you so desire.