Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Sam Bisbee

As the Chief Technology Officer at Threat Stack, Sam is responsible for leading the Company's strategic technology roadmap for its continuous security monitoring service, purpose-built for cloud environments. Sam brings highly-relevant experience in distributed systems in public, private, and hybrid cloud environments, as well as proven success scaling SaaS startups. Sam was most recently the CXO at Cloudant (acquired by IBM in Feb. 2014), a leader in the Database-as-a-Service space, where he played a senior technical and product role.

Recent Posts

The How vs the Who: An Argument Against Attribution & Hack Back

by Sam Bisbee , posted in Cloud Security Strategy, Security Strategy, Attribution, Hack Back

Attribution and Hack Back Blog Banner.jpg

A lot of organizations focus their efforts on identifying external actors, distinguishing between different groups that may be attempting malicious activity. At some organizations, this is relevant due to the defender’s sophistication, capabilities, and relationships. However, they are the 1%-ers and have many of the same difficulties that we are about to explore.

For the 99%, there is an unhealthy fascination around actors, attribution, and the “who done it?” The 99% believe that this information is both accurate and actionable. This belief has been propagated by cloud data security vendors; Hollywood’s portrayal of hacking and defense; and the fourth estate’s fascination with spy thriller storylines like the DNC breach and its role in the US presidential election.

Read More [fa icon=long-arrow-right"]

Nov 2, 2016 11:38:52 AM

[fa icon="comment"] 0 Comments

Creating a Framework to Enable Compliance in the Cloud

by Sam Bisbee , posted in Compliance, Cloud Security Strategy, Cloud Security Platform


How many times have you finished a 1,000-piece puzzle? How about a serious game of Monopoly? Both of these activities have parallels with the process of meeting compliance regulations.

Read More [fa icon=long-arrow-right"]

May 13, 2016 10:02:42 AM

[fa icon="comment"] 0 Comments

It All Started With a Wager About System Upgrades

by Sam Bisbee , posted in Threat Stack Agent, Cloud Environments, System Upgrades, immutable infrastructure

System Upgrades Blog Banner.jpg

It all started with a wager of the usual amount over beers with @brianhatfield. When running workloads in Cloud environments, do organizations routinely and blindly upgrade their systems? The actual means of triggering the upgrade were not questioned - chef run, hourly cron job, etc. One side took 10% or less, the other 90% or greater. While it’s not important who claimed the moral victory of coming closest, it’s important to remember that no one got paid (read: I lost).

Read More [fa icon=long-arrow-right"]

Mar 24, 2016 8:49:08 AM

[fa icon="comment"] 0 Comments

Who Became Root?

by Sam Bisbee , posted in sudoer, product update, root, threat stack, new features

This week you may have noticed the introduction of a new feature - the sudoer field.

Read More [fa icon=long-arrow-right"]

Feb 4, 2016 5:58:43 PM

[fa icon="comment"] 0 Comments

Scale it to Billions — What They Don’t Tell you in the Cassandra README

by Sam Bisbee , posted in Best Practices, Pete Cheslock, Cassandra

At Threat Stack our engineering and operations teams have embraced the concept of the polyglot data platform, recognizing that no one solution can provide for all of our needs. Those needs include rapid scaling, ideally linearly, to support growing customer demand and the elastic workloads of our new economy customers. We also require different forms of analysis to support stream analysis for our IDS feature set, efficient lookup tables and prematerialized views for our ETDR feature set, and offline analysis for analysis and research.

A core component of our data platform for several years has been Cassandra, which we upgraded to Datastax Enterprise (DSE) through their start up program last year. Originally we were expecting to use it as our single source of truth for all of our time series data, but this turned out to be an anti pattern. Instead we have found it very useful for look up tables and pre-materialized views (more on this later).

Read More [fa icon=long-arrow-right"]

Sep 22, 2015 12:34:59 PM

[fa icon="comment"] 3 Comments

How to Manage the Ex-Employee Insider Threat

by Sam Bisbee


A developer or operator leaving your company is always a harrowing event. More than likely
they had access to your production environment, so you engage your standardized process for revoking their access. But how can you be sure everything is truly cleaned up, regardless of whether you suspect they would be malicious or not?

Read More [fa icon=long-arrow-right"]

Aug 6, 2015 9:00:00 AM

[fa icon="comment"] 0 Comments

Reinforcing Your Hardened Server's Soft Spots

by Sam Bisbee , posted in AWS Security


If you have either deployed or are planning to deploy a workload to the Cloud, perhaps using AWS, you are looking to run your operations efficiently without compromising security. In a recent post we discussed the AWS Shared Responsibility Model in which you are responsible for the security of your own data, platform, applications, and networks in the Cloud, while AWS is responsible for the security of the Cloud itself. Being security conscious, you understand this model and may have followed the AWS Security Best Practices in an effort to harden your EC2 instances.

Read More [fa icon=long-arrow-right"]

Jun 30, 2015 12:54:01 PM

[fa icon="comment"] 0 Comments

What All DevOps Teams Should Know About The AWS Shared Responsibility Model

by Sam Bisbee , posted in AWS Security, Security in the cloud, Shared Responsibility Model


Keeping your cloud workloads secure, compliant, and protected while moving at the speed of DevOps is no easy task. Our team at Threat Stack knows this truth very well. There are many different viewpoints on the best approach to take to keep your customer data and systems protected in the cloud, and it all starts with understanding where your cloud provider’s responsibility for security ends and where yours begins. Let’s use AWS as an example throughout this post as they have a Shared Responsibility Model that demonstrates this well.

Read More [fa icon=long-arrow-right"]

Jun 10, 2015 2:06:51 PM

[fa icon="comment"] 0 Comments

3 Reasons Why The Host Rules Cloud IDS

by Sam Bisbee , posted in Cloud Security, Intrusion Detection, IDS, Cloud IDS


To truly appreciate why companies like Threat Stack point to the Cloud as a watershed event in their corner of the software industry, one must push past the hype and worn platitudes about “the Cloud with a capital C.” The reality is that it is the side effects that have caused such a large impact, like cost of operation as a function of scaled purchasing power and the forcing of software-only solutions.

This has certainly been felt in intrusion detection systems (IDS). They have traditionally been deployed as network hardware devices enabled by access to the network infrastructure, but are struggling to find relevance in a world where the traditional network boundary no longer exists.

Read More [fa icon=long-arrow-right"]

Feb 5, 2015 1:44:00 PM

[fa icon="comment"] 0 Comments

Who Gets Access to Production?

by Sam Bisbee , posted in Production, Security, DevOps, Policy, SecDevOps, Operations, SecOps

This is the third installment in our new series of weekly blog posts that dives into the role of SecDevOps. This series looks into why we need it in our lives, how we may go about implementing this methodology, and real life stories of how SecDevOps can save the Cloud.

Read More [fa icon=long-arrow-right"]

Jul 23, 2014 4:56:00 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all