Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Resources for DevOps Pros to Learn About Security

by Tom McLaughlin , posted in Cloud Security, DevOps, Professional Development, Security Education

DevOps Pros Security Resources Blog Banner.png

These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it.

If you or someone on your team is looking to learn more about what it takes to run a secure organization today, we have provided a list of resources below, from conferences to reference books to Twitter handles, that are worth checking out.

Read More [fa icon=long-arrow-right"]

Apr 6, 2017 1:50:14 PM

[fa icon="comment"] 0 Comments

Ask Us Anything: Recap on How to Get Started With DevOpsSec

by The Threat Stack Team , posted in Cloud Security, Webinar, DevOps, DevOpsSec

AMA Recap Blog Banner.png

You’re probably familiar with DevOps by now. It’s the collaboration between Development and Operations teams by leveraging the same tools and processes to get things done more efficiently. Now, Security is being brought into the fold, and this is called DevOpsSec.

Since DevOpsSec is a much newer term and development practice, we wanted to take the opportunity to discuss how companies can get started with many of its foundational elements. There are no two people better equipped to talk about it than Threat Stack’s own Head of Operations, Pete Cheslock, and CTO, Sam Bisbee.

Rather than walking you through a polished slide deck, Pete and Sam wanted to open up the discussion in an AMA (Ask Me Anything) format. We fielded questions from Twitter, LinkedIn, Facebook, as well as email and received hundreds of submissions. On Tuesday, March 14, in the middle of a blizzard here in Boston, they sat down for an hour to answer many of these questions live.

Read More [fa icon=long-arrow-right"]

Mar 15, 2017 4:28:17 PM

[fa icon="comment"] 0 Comments

DevOpsing at Home

by Vitaliy Zakharov , posted in Cloud Security, Security, DevOps, DevOps Tools, DevOps at Home

Devopsing at Home Blog Banner.png

I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home.

Read More [fa icon=long-arrow-right"]

Mar 13, 2017 2:34:08 PM

[fa icon="comment"] 0 Comments

Boston Cloud Security & Incident Management Workshop Recap

by Tom McLaughlin , posted in Cloud Security, DevOps, SecOps, PagerDuty, DevSecOps, Incident Management, Workshop, Cloud Security Maturity Model

PagerDuty Workshop Event Recap Blog Banner.jpg

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination!

Read More [fa icon=long-arrow-right"]

Jan 13, 2017 4:29:58 PM

[fa icon="comment"] 0 Comments

A Look Back at AppSecUSA: From Application Security to DevOps and Beyond

by Tim Armstrong , posted in Cloud Security, DevOps, SecDevOps, SecOps, Event, IoT, IoT Security

AppSecUSA_Event_Recap_Blog_Banner.jpg

Last week I spent two fantastic days in Washington, DC attending the AppSecUSA Conference on behalf of Threat Stack, one of the event’s Silver Sponsors.

When people think of the AppSec event, I assume the first thing that comes to mind is just that: Application Security. Given the fact that Threat Stack is more widely known for helping organizations protect their cloud environments, you might well ask why we took part in a show that’s not strictly dedicated to infrastructure security.

Great question, but as you’ll see, the answer is rooted in a match up between a rapidly evolving technology landscape and Threat Stack’s core mission.

Read More [fa icon=long-arrow-right"]

Oct 18, 2016 10:51:25 AM

[fa icon="comment"] 0 Comments

How to Create a Security-Minded DevOps Organization: Three Best Practices

by Pete Cheslock , posted in Cloud Security, Security, DevOps, SecOps, Cloud Security Best Practices

Cloud_Security_Webinar_Blog_Banner-1.jpg

You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, right?” You rush over to your good friend Google for a few quick ideas on implementing security best practices into DevOps and timidly shake your head “yes” at your colleague.

Read More [fa icon=long-arrow-right"]

Sep 22, 2016 1:15:57 PM

[fa icon="comment"] 0 Comments

Why All Employees Should Be Security Ambassadors — and How to Do It

by Pete Cheslock , posted in Cloud Security, Security, DevOps, Security-Enabled DevOps

Security-Ambassador-Blog-Banner.jpg

 A recent Motherboard article caught our eye and got us thinking about who is — and who should be — responsible for security in an organization. The article, titled “We Need to Change the Psychology of Security,” makes the argument that, by treating security as a specialization that belongs only to a few people in an organization (the security team), we are crippling our ability to successfully achieve security at scale.

The author, Adrian Sanabria, makes some excellent points. After reading the article, we wanted to share some actionable ways that organizations can go about deputizing their employees as security ambassadors.

Read More [fa icon=long-arrow-right"]

Sep 15, 2016 12:14:49 PM

[fa icon="comment"] 0 Comments

DevOpsDays Chicago 2016: Dev, Ops, & the Role of Security

by Tom McLaughlin , posted in Security, DevOps, SecOps, InfoSec, Event, CloudSecurity, DevOpsDays

devopsdays-chicago-2016-blog-banner-1.jpg

Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.

Read More [fa icon=long-arrow-right"]

Sep 9, 2016 9:57:39 AM

[fa icon="comment"] 0 Comments

ShadowOps is Not Just Bad DevOps

by Apollo Catlin , posted in Cloud Security, DevOps, Systems Thinking, ShadowOps

ShadowOps-Blog-Banner.jpg

Some alarmists or buzzword-feeders like to say “DevOps is dead.” But this statement either betrays a grossly inaccurate understanding, or it’s a deliberate mischaracterization of the nature of DevOps (i.e., what it is, what its limitations are, and what problems may surround it).

Read More [fa icon=long-arrow-right"]

Aug 30, 2016 12:08:14 PM

[fa icon="comment"] 0 Comments

How to Apply DevOps Culture to Security & Why You Should Do It

by Pete Cheslock , posted in Cloud Security, Security, DevOps, SecOps, Security-Enabled DevOps

TS16031_ThreatStack_DevOpsCulture_ThreatStack_BlogImg.jpg

Unless you’ve been living under a rock (or don’t work in the tech industry), you’ve probably heard the term DevOps thrown around. A mashup of “development” and “operations,” DevOps is a mindset and set of practices that focus on collaboration and communication between software developers and other IT professionals with the goal of automating both software delivery and infrastructure changes.

Read More [fa icon=long-arrow-right"]

Jun 17, 2016 8:35:26 AM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all