Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Jun 12, 2017 11:59:08 AM

[fa icon="comment"] 0 Comments

A Look Back at ChefConf 2017

by Natalie Walsh , posted in DevOps, ChefConf 2017

ChefConf Recap 2017 Blog Banner.png

Last week, over a thousand Chefs descended on the city of Austin for ChefConf 2017. The recipe for the week was two days of talks, numerous technical workshops, a heavy dose of innovation, and a dash of 70’s cover bands. Chef introduced their Chef Client 13 and showed off their newer technologies, like Chef Automate and Habitat, their application configuration and management software. The Threat Stack team (Tom McLaughlin and I) showed up to exhibit with donuts, socks, and plenty of cheesy puns — that’s right, we can help you be SOCK compliant.


It was great engaging with the DevOps community and learning more about the challenges everyone is facing as technology evolves faster than anyone can keep up. Throughout the conference, I learned about all of the technological advances that Chef and friends are making and noticed some trends across all the talks and conversations I had with attendees. Here are three of the high-level themes I took away.

Read More [fa icon=long-arrow-right"]

May 30, 2017 10:39:06 AM

[fa icon="comment"] 0 Comments

Resources for DevOps Pros to Learn About Security

by Tom McLaughlin , posted in Cloud Security, DevOps, Professional Development, Security Education

DevOps Pros Security Resources Blog Banner.png

These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it.

If you or someone on your team is looking to learn more about what it takes to run a secure organization today, we have provided a list of resources below, from conferences to reference books to Twitter handles, that are worth checking out.

Read More [fa icon=long-arrow-right"]

Apr 6, 2017 1:50:14 PM

[fa icon="comment"] 0 Comments

Ask Us Anything: Recap on How to Get Started With DevOpsSec

by The Threat Stack Team , posted in Cloud Security, Webinar, DevOps, DevOpsSec

AMA Recap Blog Banner.png

You’re probably familiar with DevOps by now. It’s the collaboration between Development and Operations teams by leveraging the same tools and processes to get things done more efficiently. Now, Security is being brought into the fold, and this is called DevOpsSec.

Since DevOpsSec is a much newer term and development practice, we wanted to take the opportunity to discuss how companies can get started with many of its foundational elements. There are no two people better equipped to talk about it than Threat Stack’s own Head of Operations, Pete Cheslock, and CTO, Sam Bisbee.

Rather than walking you through a polished slide deck, Pete and Sam wanted to open up the discussion in an AMA (Ask Me Anything) format. We fielded questions from Twitter, LinkedIn, Facebook, as well as email and received hundreds of submissions. On Tuesday, March 14, in the middle of a blizzard here in Boston, they sat down for an hour to answer many of these questions live.

Read More [fa icon=long-arrow-right"]

Mar 15, 2017 4:28:17 PM

[fa icon="comment"] 0 Comments

DevOpsing at Home

by Vitaliy Zakharov , posted in Cloud Security, Security, DevOps, DevOps Tools, DevOps at Home

Devopsing at Home Blog Banner.png

I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home.

Read More [fa icon=long-arrow-right"]

Mar 13, 2017 2:34:08 PM

[fa icon="comment"] 0 Comments

Boston Cloud Security & Incident Management Workshop Recap

by Tom McLaughlin , posted in Cloud Security, DevOps, SecOps, PagerDuty, DevSecOps, Incident Management, Workshop, Cloud Security Maturity Model

PagerDuty Workshop Event Recap Blog Banner.jpg

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination!

Read More [fa icon=long-arrow-right"]

Jan 13, 2017 4:29:58 PM

[fa icon="comment"] 0 Comments

A Look Back at AppSecUSA: From Application Security to DevOps and Beyond

by Tim Armstrong , posted in Cloud Security, DevOps, SecDevOps, SecOps, Event, IoT, IoT Security


Last week I spent two fantastic days in Washington, DC attending the AppSecUSA Conference on behalf of Threat Stack, one of the event’s Silver Sponsors.

When people think of the AppSec event, I assume the first thing that comes to mind is just that: Application Security. Given the fact that Threat Stack is more widely known for helping organizations protect their cloud environments, you might well ask why we took part in a show that’s not strictly dedicated to infrastructure security.

Great question, but as you’ll see, the answer is rooted in a match up between a rapidly evolving technology landscape and Threat Stack’s core mission.

Read More [fa icon=long-arrow-right"]

Oct 18, 2016 10:51:25 AM

[fa icon="comment"] 0 Comments

How to Create a Security-Minded DevOps Organization: Three Best Practices

by Pete Cheslock , posted in Cloud Security, Security, DevOps, SecOps, Cloud Security Best Practices


You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, right?” You rush over to your good friend Google for a few quick ideas on implementing security best practices into DevOps and timidly shake your head “yes” at your colleague.

Read More [fa icon=long-arrow-right"]

Sep 22, 2016 1:15:57 PM

[fa icon="comment"] 0 Comments

Why All Employees Should Be Security Ambassadors — and How to Do It

by Pete Cheslock , posted in Cloud Security, Security, DevOps, Security-Enabled DevOps


 A recent Motherboard article caught our eye and got us thinking about who is — and who should be — responsible for security in an organization. The article, titled “We Need to Change the Psychology of Security,” makes the argument that, by treating security as a specialization that belongs only to a few people in an organization (the security team), we are crippling our ability to successfully achieve security at scale.

The author, Adrian Sanabria, makes some excellent points. After reading the article, we wanted to share some actionable ways that organizations can go about deputizing their employees as security ambassadors.

Read More [fa icon=long-arrow-right"]

Sep 15, 2016 12:14:49 PM

[fa icon="comment"] 0 Comments

DevOpsDays Chicago 2016: Dev, Ops, & the Role of Security

by Tom McLaughlin , posted in Security, DevOps, SecOps, InfoSec, Event, CloudSecurity, DevOpsDays


Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.

Read More [fa icon=long-arrow-right"]

Sep 9, 2016 9:57:39 AM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all