
Interview with Mihir Shah

Mihir Shah is the author of Cloud Native Software Security Handbook. We got the chance to sit down with him and find out more about his experience of writing with Packt.

Q: How did you become an author for Packt? Tell us about your journey. What was your motivation for writing this book?

Mihir: My journey as a Packt author commenced quite serendipitously. It was back in 2021 when Packt approached me with a proposal to pen a book on the subject of ‘red teaming for cloud security’. At that point in time, while I was deeply intrigued by the opportunity, I didn’t feel fully prepared to undertake such an endeavor. As time went by, my expertise and understanding of cloud security advanced. My day-to-day interactions with cloud native software and the inherent security concerns it posed helped shape my understanding of the subject matter in more profound ways. Simultaneously, I noticed a critical gap in the market for a comprehensive guide on cloud native software security. It was this realization that spurred my motivation to write this book. I saw it as an opportunity to bridge the knowledge gap in this rapidly evolving field, and to provide a manual that practitioners, students, and enthusiasts in the field could refer to. The thought of making a meaningful contribution to the industry and sharing my insights on the subject pushed me to accept the challenge. Thus, when Packt reached out again, I was more than ready to step into the role of an author. The journey that followed was one of learning, growing, and most importantly, contributing to the body of knowledge on cloud native software security. It’s been an enriching experience to say the least, and I’m glad I decided to embark on this path with Packt.

Q: What is the name of your book?

Mihir: Cloud Native Software Security Handbook: Unleash the power of cloud native tools for robust security in modern applications.

Q: What kind of research did you do, and how long did you spend researching before beginning the book?

Mihir: The research process for the “Cloud Native Software Security Handbook” was both extensive and thorough. Given the technical depth and breadth of the subject, it was imperative that my work was rooted in the most current and accurate information available. My research involved various methodologies, from immersing myself in the latest scientific articles, white papers, and case studies related to cloud native security, to actively participating in tech forums and webinars. Furthermore, I sought to not just understand the technology, but also the context around it, including regulatory compliance, business needs, and the cyber threat landscape. This allowed me to ensure that the book was both technologically accurate and practically relevant. In terms of time commitment, I spent about six months on this research phase prior to starting the actual writing process. This period was invaluable, as it provided a solid foundation on which I could construct the narrative and technical explanations in the book. This extensive preparation allowed me to write with confidence and ensure that the content I was producing was both authoritative and accessible.

Q: What key takeaways do you want readers to come away with from the book?

Mihir: As the author of the “Cloud Native Software Security Handbook,” my primary goal was to provide readers with a comprehensive, practical, and accessible guide to understanding and implementing cloud-native security strategies. I hope that readers will walk away from the book with several key insights:

1. **Understanding of cloud-native security principles**: The book provides an in-depth exploration of the foundational principles and concepts of cloud security in the context of cloud-native applications. My hope is that readers gain a solid theoretical understanding to build upon.

2. **Practical application**: Understanding theory is important, but applying those concepts to real-world situations is where the true value lies. I aim for readers to be equipped with practical tools, strategies, and best practices that they can directly apply in their work or study.

3. **Awareness of emerging trends and future outlook**: Cloud security is a rapidly evolving field. I want readers to not just understand the current landscape, but to also be aware of emerging trends and the future outlook of cloud-native security. This will help them stay ahead of the curve and prepare for what’s coming.

4. **Inspiration to continue learning**: No single book can cover every detail of a field as vast and dynamic as cloud-native security. I hope this book will serve as a stepping stone for readers, inspiring them to delve deeper and continue their learning journey in this exciting field.

5. **Confidence in navigating the cloud-native security landscape**: Ultimately, my goal is for readers to feel confident in their understanding of cloud-native security. Whether they are students, early-career professionals, or seasoned experts, I want them to feel equipped to navigate the complex and exciting world of cloud-native security with confidence and competence.

Q: Can you share any blogs, websites and forums to help readers gain a holistic view of the tech they are learning?

Mihir: https://mihirshah99.medium.com/

Q. Did you face any challenges during the writing process? How did you overcome them?

Mihir: The writing process, while rewarding, did indeed come with its own unique set of challenges. The complexity of the subject matter, the rapidly evolving nature of cloud security, and the need to ensure that the content remained accessible to readers of varying levels of expertise were all factors I grappled with. One of the major hurdles was maintaining technical accuracy while ensuring that the content was digestible for readers who might not have advanced knowledge of the subject. It was essential to strike a balance between offering in-depth insights and maintaining readability. To overcome this, I employed a layered approach to writing, presenting core concepts in simple language and then gradually diving into more complex discussions. I also used real-life examples and case studies to elucidate the technical aspects. Additionally, the constantly evolving nature of cloud security posed a challenge, as information and practices can quickly become outdated. To mitigate this, I made a point of staying actively engaged with the latest industry developments even during the writing process. I regularly checked industry publications, followed key influencers, and participated in professional forums to ensure the content was up-to-date. Finally, maintaining momentum and avoiding burnout during the writing process can be challenging, especially when managing it alongside a full-time job. I overcame this by setting a consistent writing schedule, taking regular breaks, and reminding myself of the value and impact this book would have for its readers. It’s important to remember that writing a book is a marathon, not a sprint, and patience and persistence are key.

Q. How would you describe your author journey with Packt? Would you recommend Packt to aspiring authors?

Mihir: I can share that I have found collaborating with Packt to be a rewarding and enriching experience. Packt is known for its vast catalogue of books on cutting-edge technology topics, including cloud computing, machine learning, artificial intelligence, data science, and more. They typically work with subject matter experts in these fields to bring the most current and applicable knowledge to their readers. As an author with Packt, one can expect a structured and supportive writing process. They usually assist in outlining the book’s structure, provide editorial and technical reviews, and support the author in other ways, like helping meet deadlines or offering advice on how to present complex information. For aspiring authors, especially those with expertise in a technology field, writing with Packt could be an excellent opportunity to share your knowledge, establish yourself as a thought leader, and contribute to the tech community’s education. However, as with any significant project, it’s important to consider the commitment required. Writing a book can be a time-consuming process and balancing it with other professional or personal responsibilities should be a factor in your decision. As always, it’s recommended to do your own research, consider your personal circumstances, and maybe reach out to other authors who have published with Packt to get a comprehensive understanding of the process and what it entails.

Q. Why should readers choose this book over others already on the market? How would you differentiate your book from its competition?

Mihir: “Cloud Native Software Security Handbook” offers a unique blend of technical depth, practical relevance, and accessibility that sets it apart in the marketplace. Here are a few key differentiators:

1. **Comprehensive coverage**: The book delves into a wide range of cloud security topics, offering readers a holistic understanding of the field. It’s not just about theoretical principles, but about how those principles apply to real-world situations.

2. **Balance of depth and accessibility**: The content is designed to cater to a broad audience, from novices looking to gain a foundational understanding, to seasoned professionals seeking advanced insights. The layered approach ensures that complex topics are gradually unfolded, making it easier for readers of all levels to grasp.

3. **Up-to-date and forward-thinking**: The book is not only current but also anticipates the future of cloud security, discussing emerging trends and technologies. This means readers are not just learning about today’s landscape, but are also equipped to navigate future developments.

4. **Practicality**: Theoretical discussions are paired with practical examples, case studies, and actionable tips. This blend of theory and practice helps readers understand how concepts are applied in real-world scenarios, thereby enhancing their ability to implement these strategies in their own work.

5. **Written by a practitioner**: As a professional working actively in this field, I bring to the table not just knowledge, but experiences and insights gained from working on the frontlines of cloud security. This first-hand perspective enriches the content and ensures its relevance to the realities of the job. In a rapidly evolving field like cloud security, it’s essential to have a guide that is not only informative but also practical, current, and accessible. I believe the “Cloud Native Software Security Handbook” fulfills these needs in a unique and engaging way.

Q. What is/are your specialist tech area(s)?

Mihir: DevSecOps, Cloud-Native Security, Kubernetes Security

Q. What advice would you give to readers jumping into this technology? Do you have any top tips?

Mihir: Diving into the world of cloud-native technology, particularly from a security perspective, can seem daunting, but it’s an exciting and rewarding journey. Here are some top tips I’d like to share:

1. **Embrace the learning curve**: The technology landscape, especially in the realm of cloud-native security, is vast and constantly evolving. It’s crucial to embrace the continuous learning process and stay curious. Don’t be discouraged if certain concepts seem complex at first, as with time and practice, they will become more familiar.

2. **Stay updated**: The pace of change in this field is rapid. Make it a habit to follow industry news, participate in forums, attend webinars and conferences, and learn from thought leaders in the space. This will help you stay abreast of the latest trends, technologies, and best practices.

3. **Hands-on practice**: Theory is important, but there’s no substitute for hands-on experience. Use sandbox environments, take up practical projects, or contribute to open source projects to apply what you’ve learned. This not only helps solidify your understanding but also gives you valuable practical experience.

4. **Understand the business context**: Security is not just a technical issue; it has significant business implications as well. Understanding the business context and implications of security decisions makes you a more effective security professional. It helps to bridge the gap between technical teams and business stakeholders.

5. **Networking and community involvement**: Joining communities and networks of cloud security professionals can be extremely beneficial. It provides opportunities for learning, sharing, and even mentorship. It’s a great way to stay connected, learn from others’ experiences, and also contribute to the community.

6. **Think like an attacker**: A good defense is built on understanding the offense. Try to think like an attacker to anticipate vulnerabilities and understand potential threats. This is particularly true in cloud-native environments where traditional security models may not apply. Remember, mastering any new technology takes time and patience, so don’t rush the process. Every step you take, no matter how small, brings you closer to your goal. Happy learning!

Q. Do you belong to any tech community groups?

Mihir: Yes, I belong to multiple tech communities such as the British Computer Society, null Community and OWASP.

Q. What’s your take on the technologies discussed in the book? Where do you see these technologies heading in the future?

Mihir: The technologies discussed in the “Cloud Native Software Security Handbook” are pivotal to the modern digital infrastructure. They represent a shift from traditional monolithic architectures to more flexible, scalable, and resilient systems that better support the demands of today’s digital economy. In my view, cloud-native technologies are not merely a trend, but rather a fundamental evolution in the way we approach software development and deployment. They enable more agile development cycles, enhance scalability, and improve resilience, all while offering cost efficiencies. However, as the adoption of these technologies continues to grow, so too will the security challenges associated with them. Traditional security models are not always equipped to handle the unique vulnerabilities and threats that emerge in a cloud-native environment. As a result, there’s an increasing need for innovative approaches to security that are specifically designed for cloud-native architectures. Looking to the future, I anticipate the field of cloud-native security will continue to advance at a rapid pace. We can expect developments in areas such as zero trust architecture, AI-driven threat detection, and automation in security operations. Moreover, as more organizations undergo digital transformations, there will be an even greater demand for professionals who can navigate the complexities of securing cloud-native applications. To summarize, the cloud-native landscape is dynamic and exciting, but also filled with potential threats. Staying ahead in this game requires a commitment to continuous learning, adaptation, and innovation – a commitment that I hope this book will inspire in its readers.

Q. How did you organize, plan, and prioritize your work and write the book?

Mihir: Embarking on the journey to author the “Cloud Native Software Security Handbook” with Packt was an exercise in discipline, organization, and creativity. To begin, I created a comprehensive outline for the book, delineating major sections and chapters, and pinpointing the key topics I wanted to cover. This acted as my roadmap, guiding me through the writing process. I developed a writing schedule, breaking down the mammoth task of writing a book into smaller, more manageable goals with corresponding deadlines. Prioritizing these tasks was key – it wasn’t merely about following a linear path, but rather identifying tasks that could be worked on concurrently. Carving out dedicated time slots in my daily routine for focused writing helped me make consistent progress. Regular reviews of my work ensured I was maintaining the coherence of my narrative and staying true to the initial outline. I also found it invaluable to take scheduled breaks to refresh my mind and stave off burnout. I sought out regular feedback from my peers and mentors to gain fresh perspectives and further refine my content. Lastly, flexibility was crucial. The process wasn’t rigid – I found that certain sections demanded more time than I’d initially allocated, and new, insightful ideas sprung up along the way that I felt compelled to incorporate. Each author’s journey is unique and influenced by their work style and the nature of the book, but these strategies worked effectively for me throughout my authoring experience.

Q. What are your favorite tech journals? How do you keep yourself up to date on tech?

Mihir: 1. Tech Journals:

IEEE Spectrum: An excellent resource for the latest technology news and analysis across a wide range of disciplines.

Nature Electronics: Publishes both fundamental and applied research across all areas of electronics.

Communications of the ACM: A leading resource for computing and information technology, it encompasses diverse areas of the tech world.

2. Online Tech News Platforms:

TechCrunch: Offers a wealth of information on startups, tech trends, and the latest in technology product launches.

Ars Technica: Covers a wide spectrum of technology-related topics, offering in-depth news and analysis.

The Verge: Provides comprehensive news on technology trends, product reviews, and original reports.

3. Tech Blogs and Websites:

A List Apart: Focuses on web design, development, and best practices.

Smashing Magazine: Offers articles and tutorials on web development and design.

4. Podcasts and Video Channels:

TED Talks Technology: Provides insightful presentations from tech industry leaders and innovators.

The Vergecast: The Verge’s flagship podcast, hosted by editors Nilay Patel, Paul Miller, and Dieter Bohn, where they discuss the week in tech news.

Q. Would you like to share your social handles? If so, mention them below.

Mihir: LinkedIn, Twitter, Website

Q: What is that one writing tip that you found most crucial and would like to share with aspiring authors?

Mihir: One writing tip that I consider paramount is the concept of “writing first, editing later”. It can be tempting to perfect every sentence and paragraph as you write, but this can disrupt your flow and slow down the writing process. During the initial stages, focus on getting your ideas onto the paper without worrying too much about phrasing, grammar, or organization. Let your thoughts flow freely and aim to capture the essence of what you want to communicate. Once you have your ideas down, you can then enter the editing phase – refining your language, reordering sections for better flow, fixing grammar and spelling issues, and so on. Remember, the first draft is just that – a draft. It doesn’t have to be perfect. The polishing comes later, and separating the writing and editing processes can make both more effective and less daunting.

You can find Mihir’s book, Cloud Native Software Security Handbook, on Amazon.com.