Jun 12, 2017 11:59:08 AM
Last week, over a thousand Chefs descended on the city of Austin for ChefConf 2017. The recipe for the week was two days of talks, numerous technical workshops, a heavy dose of innovation, and a dash of 70’s cover bands. Chef introduced their Chef Client 13 and showed off their newer technologies, like Chef Automate and Habitat, their application configuration and management software. The Threat Stack team (Tom McLaughlin and I) showed up to exhibit with donuts, socks, and plenty of cheesy puns — that’s right, we can help you be SOCK compliant.
It was great engaging with the DevOps community and learning more about the challenges everyone is facing as technology evolves faster than anyone can keep up. Throughout the conference, I learned about all of the technological advances that Chef and friends are making and noticed some trends across all the talks and conversations I had with attendees. Here are three of the high-level themes I took away.
May 30, 2017 10:39:06 AM
These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it.
If you or someone on your team is looking to learn more about what it takes to run a secure organization today, we have provided a list of resources below, from conferences to reference books to Twitter handles, that are worth checking out.
Apr 6, 2017 1:50:14 PM
You’re probably familiar with DevOps by now. It’s the collaboration between Development and Operations teams by leveraging the same tools and processes to get things done more efficiently. Now, Security is being brought into the fold, and this is called DevOpsSec.
Since DevOpsSec is a much newer term and development practice, we wanted to take the opportunity to discuss how companies can get started with many of its foundational elements. There are no two people better equipped to talk about it than Threat Stack’s own Head of Operations, Pete Cheslock, and CTO, Sam Bisbee.
Rather than walking you through a polished slide deck, Pete and Sam wanted to open up the discussion in an AMA (Ask Me Anything) format. We fielded questions from Twitter, LinkedIn, Facebook, as well as email and received hundreds of submissions. On Tuesday, March 14, in the middle of a blizzard here in Boston, they sat down for an hour to answer many of these questions live.
Mar 15, 2017 4:28:17 PM
I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home.
Mar 13, 2017 2:34:08 PM
Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.
Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination!
Jan 13, 2017 4:29:58 PM
When people think of the AppSec event, I assume the first thing that comes to mind is just that: Application Security. Given the fact that Threat Stack is more widely known for helping organizations protect their cloud environments, you might well ask why we took part in a show that’s not strictly dedicated to infrastructure security.
Great question, but as you’ll see, the answer is rooted in a match up between a rapidly evolving technology landscape and Threat Stack’s core mission.
Oct 18, 2016 10:51:25 AM
You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, right?” You rush over to your good friend Google for a few quick ideas on implementing security best practices into DevOps and timidly shake your head “yes” at your colleague.
Sep 22, 2016 1:15:57 PM
A recent Motherboard article caught our eye and got us thinking about who is — and who should be — responsible for security in an organization. The article, titled “We Need to Change the Psychology of Security,” makes the argument that, by treating security as a specialization that belongs only to a few people in an organization (the security team), we are crippling our ability to successfully achieve security at scale.
The author, Adrian Sanabria, makes some excellent points. After reading the article, we wanted to share some actionable ways that organizations can go about deputizing their employees as security ambassadors.
Sep 15, 2016 12:14:49 PM
Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.
Sep 9, 2016 9:57:39 AM