
Warren Parad
CTO · International Speaker · Tech Entertainer · AWS Community Builder
CTO at Authress — building auth infrastructure for developers. Host of Adventures in DevOps. Conference speaker on security, architecture complexity, and engineering leadership.
Public appearances
- Voxxed Days · Zurich · 2026
Meeting Impossible SLAs: How we made our uptime 99.999%
- Tech Internals · Berlin · 2025
What the @#!? is Auth
- TechTalkThursday · Zurich · 2025
What the @#!? is Auth
- L8Conf · Warsaw · 2025
Meeting Impossible SLAs: How we made our uptime 99.999%
- DWX24 · Nuremberg · 2024
Why you Should Check Your Secrets Into Git
- AWS Global Summit · Zurich · 2024
Meeting SLAs: What it takes to be 99.999% reliable
- TechSpot · Warsaw · 2024
Build a Security-First API
- Decompiled · Dresden · 2024
Adding security to your architecture and mindset
- FOSDEM · Brussels · 2024
Stopping all the attacks
- Adventures in DevOps Podcast · Switzerland · 2024
The Challenges of Open Source
- Codemotion · Milan · 2023
Why you should check your secrets into Git
- Codemotion · Madrid · 2023
Why you should check your secrets into Git
- Agile Meets Architecture · Berlin · 2022
Adding security to your architecture one step at a time
- 2026-04-07
Making rate limiting in AWS less terrible
APIGW Usage Plans won't get you the per-user rate limiting you need. And using a WAF is an incomplete solution. But rolling your own is of course fraught with the usual challenges.
- 2026-03-14 · Authress Engineering KB
Actually Fixing AWS S3
A concrete proposal for redesigning AWS S3's Account Regional Namespace to finally separate private bucket configuration from public access, eliminating a class of accidental data exposure.
- 2026-03-03 · Authress Engineering KB
Securing CI/CD Access to AWS
How to securely grant CI/CD pipelines least-privilege access to AWS accounts using Lambda, OU StackSets, and short-lived credentials — no long-lived secrets.
- 2025-06-17
AWS Auth Caching Strategies
Trade-offs and patterns for caching authentication and authorization decisions in AWS workloads — reducing latency and cost without sacrificing security correctness.
- 2025-05-25 · Authress Engineering KB
API Gateway Authorizers: Vulnerable By Design
Exposing a critical flaw in AWS API Gateway's Lambda authorizer caching behavior that allows stale JWT decisions to persist — and how to architect around it.
- 2025-01-24
The Risks of User Impersonation
Why allowing admins to impersonate users creates audit gaps, liability exposure, and subtle authorization bugs — and what to build instead.
- 2025-01-21
Migrating CloudFormation to TF
A practical, zero-downtime migration path from AWS CloudFormation to Terraform — including state import strategies and pitfalls to avoid.
- 2025-01-15 · Authress Engineering KB
Are millions of accounts vulnerable due to Google's OAuth Flaw?
A rebuttal to Truffle Security's viral Google OAuth disclosure — arguing the actual vulnerability is apps trusting email over the immutable `sub` claim, not a Google flaw.
- 2025-01-15 · Authress Engineering KB
Magic links and Passwordless login
How magic links and passkeys work under the hood, when to use them, and the security gotchas that trip up teams implementing passwordless authentication.
- 2025-01-09
AWS Advanced: The Quota Monitor Review
A deep-dive review of AWS's Quota Monitor solution — its design trade-offs, gaps, and how to extend it to get actionable alerts before hitting service limits.