MarkItDown: An AI-Boosting Tool Tested on Apple Containers
Introduction: Like everyone, we are evolving and bringing AI into several workflows, so it’s essential to have a way to pass data to the AI from various types of files. This is where Microsoft’s MarkItDown comes in as a powerful tool. It’s a lightweight Python utility that converts numerous file formats into Markdown, a format easily consumable by AI models. Whether you want to use it with an AI assistant like Claude through its MCP server, as a CLI tool, with Python code, or run it in a container, MarkItDown offers a lot of flexibility. ...
A Halloween Tech Recap: Gearing Up for the Final Sprint of 2025
As Halloween approaches and the days grow shorter, it’s the perfect time for a spooky story… or, in my case, a recap of what’s been brewing in my professional life! With the end of the year lurking around the corner, it’s time to take stock of the exciting changes, challenging projects, and community efforts that have made 2025 a year to remember. So, grab your pumpkin-spiced latte, and let’s dive into the cauldron of the last few months. ...
Understanding the Power of SBOMs: Insights from OpenSSF's White Paper
OpenSSF, the Open Source Security Foundation, is an influential collaborative initiative under the Linux Foundation dedicated to improving open source software security. Bringing together industry leaders, security experts, and developers, OpenSSF drives broad community efforts to address vulnerabilities, foster best practices, and enhance transparency across software supply chains. Among its standout contributions is the advocacy and tooling development around Software Bill of Materials (SBOMs), which have rapidly become indispensable for managing security risks in modern software ecosystems. ...
My New Role with Cloud Native Days Italy
Quick but exciting personal update: I am now part of the organizing team for the Cloud Native Days event in Italy! Everyone who knows me understands how much I love the community side of my work and how passionate I am about joining events and organizing amazing experiences. Having worked on event organization before with my friends at Let’s Connect, I know it’s both challenging and incredibly rewarding. ...
External Secrets Operator: Releases Resume and Governance Matures
This article is a follow-up to my previous post about the state of the External Secrets Operator project. Let’s start with the most important news: External Secrets Operator is set to resume releases on September 22!!! What changed: More than 300 volunteers have signed up to contribute across organizations, far exceeding expectations and widening the pipeline of future Members, Reviewers, and Maintainers. Governance has been clarified with a formal Contribution Ladder and focused tracks (Core, Providers, CI, Testing), plus interim roles to spread the load and reduce burnout risk. ...
External Secrets Operator Team needs help!
External Secrets Operator is a great FOSS project that, over the last few years, has gained traction in Kubernetes environments, becoming one of the standard security tools for managing and integrating Kubernetes secrets from external sources. ESO is an operator and can be installed in different ways, for example via Helm or the OpenShift Operator Catalog. Here’s their GitHub repo. A couple of weeks ago, the team raised a giant RED FLAG with the following announcement: ...
Urgent: Zero-Day CVEs Found in Two Major Secrets Managers — Have You Updated Yet?
Today, my manager forwarded me this article about several zero-day CVEs discovered in CyberArk and HashiCorp products. After some time spent researching online, I confirmed that both brands have fixed these CVEs by releasing updated versions!! I’m not surprised that these two big corporations acted quickly and fixed the vulnerabilities; both are well-known and reliable! This event gave me an excuse to write this article and respond to one of the most common questions I get from my customers whenever I share news about a new release of a secrets manager: ...
The Critical Trio: Secrets Manager, Zero-CVE Images, and CNAPP are Needed (Not Only) for DORA Compliance!
With the Digital Operational Resilience Act (DORA) now in effect across the European Union as of January 17, 2025, financial institutions face unprecedented cybersecurity and operational resilience requirements. Successfully achieving DORA compliance demands a comprehensive security strategy that also includes the following three fundamental components: robust secrets management; hardened container images with minimal vulnerabilities; and unified cloud-native application protection platforms (CNAPPs). These technologies work synergistically to meet DORA’s stringent ICT risk management, asset identification, and third-party oversight mandates. ...
From Senior System Engineer to Team Leader: My Journey and Key Leadership Principles
It’s summertime in Europe. I’m just back from my summer holidays, and I want to restart the blog with a different kind of post: my journey from Senior System Engineer to Team Leader. I’ll share how I transitioned between these roles and outline my leadership principles for the team, focusing on delivering the highest level of service to our customers while maintaining a positive working environment. This includes balancing high standards, thorough documentation, continuous learning and improvement, and, importantly, having fun, all in a fully remote environment. There’s a lot to explain, so let’s start from the beginning! ...
From Dev to Prod: Making Distroless Images Your Default
Security should be a primary driver in IT! Everyone understands the importance of running secure, reliable code at every level of our infrastructure. Since the container revolution began a decade ago with Kubernetes 1.0, traditional IT administrators have lost some control to developers, who can now use Dockerfiles to package and deploy software at unprecedented speed. But at what cost? As organizations adopted runtime security tools to monitor containers and processes, it quickly became clear that pulling base images from public repositories often introduced a flood of vulnerabilities. ...