Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Palen Schwab

As Director of Marketing, Palen is responsible for Threat Stack's lead generation and branding strategy. With over 10 years marketing experience in business-to-business, high-tech, and security markets, Palen’s customer-centric approach to marketing aims at improving the communication and relationship customers have with their vendors. Prior to Threat Stack, Palen held management positions at Procera Networks, Exinda Networks, and Astaro Internet Security (acquired by Sophos in July 2011) where he specialized in demand generation, corporate communication, and growth hacking.

Recent Posts

Five OpSec Best Practices to Live By

by Palen Schwab , posted in Security Awareness, OpSec, OpSec Best Practices

OpSec Blog Banner.png

Often when we talk about security, we focus on the mechanics of how to keep technical infrastructure safe. It can be easy to forget that operational security is just as important. When done right, strong OpSec practices will keep your business safe from leaked information, competitive disadvantage, and even public embarrassment.

Without good OpSec, your business may be vulnerable to information theft via an attack surface that has little or nothing to do with computers. With that said, here’s what you need to know about OpSec today.

What is OpSec?

OpSec stands for Operational Security. Many people think of it in a military or national security context. In those realms, OpSec means understanding what your adversaries can deduce from the communications you put out, and taking steps to limit the usefulness of any information they can easily gather. For our purposes — in the world of business — when we say OpSec, we mean: “Actions taken to ensure that information leakage doesn't haunt you.”

Similar concept, different context. OpSec in the world of business is all about making sure that information about your business that should remain private, does remain private. This article offers a helpful framework for applying OpSec principles to business. Below, we’ll explain what we’ve learned and how we share that with our own employees.

Read More [fa icon=long-arrow-right"]

Apr 24, 2017 10:56:27 AM

[fa icon="comment"] 0 Comments

Why You Should Think of Security as a Skill, Not Just a Role

by Palen Schwab , posted in Cloud Security, Cloud Security Best Practices, Cloud Security Awareness Program

Security as a Skill Blog Banner.png

A common mistake that we see organizations make is putting off security until they hire someone who specializes in it. Depending on the size of your company and the nature of your business, this could mean waiting several years to start taking security seriously. In today’s threat environment, that’s not realistic or practical. And, even when you decide you’re ready to bring someone in-house to focus on security — given the current security talent shortage — odds are it could take a while to find the right hire.

This is why we believe that organizations should start thinking about security as a competency, rather than simply a job description. You don’t need to have a CISO or a SOC or even a security analyst on your team before you can start taking steps to improve your security posture. The potential consequences of a breach (financial loss, reputation damage, downtime, or IP loss, to name a few) are too serious to ignore.

With that in mind, here’s how to start viewing security as a skill and how to boost that skill across your organization.

Read More [fa icon=long-arrow-right"]

Apr 12, 2017 1:43:05 PM

[fa icon="comment"] 0 Comments

Building Strong Partnerships: Why We’re a Proud Sponsor of the PagerDuty Summit

by Palen Schwab , posted in Cloud Security, PagerDuty, Incident Management, PagerDuty Summit


After the Threat Stack team attended last week’s PagerDuty Summit in San Francisco, it became clear why PagerDuty is the market leader in agile incident management solutions. Not only do they have a great product, they also have an active community of users who are driving the conversation around incident response in the twenty-first century.

Read More [fa icon=long-arrow-right"]

Sep 20, 2016 1:34:08 PM

[fa icon="comment"] 0 Comments

3 Lessons Learned From AWS NYC Summit

by Palen Schwab , posted in Cloud Security, AWS Summit NYC


"I remember when there were only about 40 of us meeting here, talking about AWS, and ending the day by descending on the hotel bar." — Told to us by an AWS Summit Veteran

Read More [fa icon=long-arrow-right"]

Aug 16, 2016 2:22:17 PM

[fa icon="comment"] 0 Comments

Who is Responsible for a Security Breach?

by Palen Schwab , posted in Cloud Security, Monitoring, Alerts, Cloud Context, Mean Time to Resolution


Before you can assign responsibility for a security breach, you need to go back to the scene of the crime and understand where it originated. No easy task given the dynamic and complex nature of cloud computing environments.

Read More [fa icon=long-arrow-right"]

Jun 30, 2016 8:56:58 AM

[fa icon="comment"] 0 Comments

Jun 23, 2016 3:02:16 PM

[fa icon="comment"] 0 Comments

The Point Security Solution Implosion: 4 Things Companies Need to Know

by Palen Schwab , posted in Cloud Security, Cyber Security, Security Strategy


Not even a decade ago, security was much simpler. Companies were defined by the perimeter of their corporate network and protected by a firewall and antivirus tool that could withstand just about any security attack. Then came the cloud, mobile devices, and the Internet of Things (IoT), and the attack surface overflowed far beyond the network, making security not-so-simple.

Read More [fa icon=long-arrow-right"]

Jun 9, 2016 11:17:48 AM

[fa icon="comment"] 0 Comments

Does "Cloud-Native" Really Matter When it Comes to Cloud Security?

by Palen Schwab , posted in Cloud Security, Cloud, Cloud-Native


Cloud-native: It’s an adjective that gets tossed around a lot, but we don’t frequently unpack its meaning or its value for businesses.

Today we want to talk about what cloud-native means in the context of cloud security and whether it’s truly necessary. Cloud-native means that a piece of software was built in the cloud, for the cloud. When it comes to security, a cloud-native platform is a natural fit for protecting cloud-based data. But is it a must-have?

Read More [fa icon=long-arrow-right"]

May 20, 2016 12:35:05 PM

[fa icon="comment"] 0 Comments

A Guide to Assess Where You Stand With Cloud Security

by Palen Schwab , posted in Cloud Security, Cloud, Cloud Security Playbook


Cloud security is a sprint and a marathon. A sprint in that security teams must quickly put the right defenses in place to address zero-day attacks and persistent threats in the short term, and a marathon in that an organization's security posture needs to be regularly evaluated and improved on over the long term to address new and evolving threats and compliance regulations.

Read More [fa icon=long-arrow-right"]

May 12, 2016 6:07:23 PM

[fa icon="comment"] 0 Comments

Join Threat Stack at AWS Summit Chicago 2016

by Palen Schwab , posted in Event, AWS Summit



AWS Summit season is upon us, and Threat Stack is proudly sponsoring and exhibiting at the AWS Summit Chicago again this year.

Read More [fa icon=long-arrow-right"]

Apr 15, 2016 12:01:18 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all