Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Boston Cloud Security & Incident Management Workshop Recap

by Tom McLaughlin, posted in Cloud Security, DevOps, SecOps, PagerDuty, DevSecOps, Incident Management, Workshop, Cloud Security Maturity Model

PagerDuty Workshop Event Recap Blog Banner.jpg

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination!

Read More [fa icon=long-arrow-right"]

Jan 13, 2017 4:29:58 PM

[fa icon="comment"] 0 Comments

A Look Back at AppSecUSA: From Application Security to DevOps and Beyond

by Tim Armstrong, posted in Cloud Security, DevOps, SecDevOps, SecOps, Event, IoT, IoT Security


Last week I spent two fantastic days in Washington, DC attending the AppSecUSA Conference on behalf of Threat Stack, one of the event’s Silver Sponsors.

When people think of the AppSec event, I assume the first thing that comes to mind is just that: Application Security. Given the fact that Threat Stack is more widely known for helping organizations protect their cloud environments, you might well ask why we took part in a show that’s not strictly dedicated to infrastructure security.

Great question, but as you’ll see, the answer is rooted in a match up between a rapidly evolving technology landscape and Threat Stack’s core mission.

Read More [fa icon=long-arrow-right"]

Oct 18, 2016 10:51:25 AM

[fa icon="comment"] 0 Comments

How to Create a Security-Minded DevOps Organization: Three Best Practices

by Pete Cheslock, posted in Cloud Security, Security, DevOps, SecOps, Cloud Security Best Practices


You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, right?” You rush over to your good friend Google for a few quick ideas on implementing security best practices into DevOps and timidly shake your head “yes” at your colleague.

Read More [fa icon=long-arrow-right"]

Sep 22, 2016 1:15:57 PM

[fa icon="comment"] 0 Comments

Why All Employees Should Be Security Ambassadors — and How to Do It

by Pete Cheslock, posted in Cloud Security, Security, DevOps, Security-Enabled DevOps


 A recent Motherboard article caught our eye and got us thinking about who is — and who should be — responsible for security in an organization. The article, titled “We Need to Change the Psychology of Security,” makes the argument that, by treating security as a specialization that belongs only to a few people in an organization (the security team), we are crippling our ability to successfully achieve security at scale.

The author, Adrian Sanabria, makes some excellent points. After reading the article, we wanted to share some actionable ways that organizations can go about deputizing their employees as security ambassadors.

Read More [fa icon=long-arrow-right"]

Sep 15, 2016 12:14:49 PM

[fa icon="comment"] 0 Comments

DevOpsDays Chicago 2016: Dev, Ops, & the Role of Security

by Tom McLaughlin, posted in Security, DevOps, SecOps, InfoSec, Event, CloudSecurity, DevOpsDays


Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.

Read More [fa icon=long-arrow-right"]

Sep 9, 2016 9:57:39 AM

[fa icon="comment"] 0 Comments

ShadowOps is Not Just Bad DevOps

by Apollo Catlin, posted in Cloud Security, DevOps, Systems Thinking, ShadowOps


Some alarmists or buzzword-feeders like to say “DevOps is dead.” But this statement either betrays a grossly inaccurate understanding, or it’s a deliberate mischaracterization of the nature of DevOps (i.e., what it is, what its limitations are, and what problems may surround it).

Read More [fa icon=long-arrow-right"]

Aug 30, 2016 12:08:14 PM

[fa icon="comment"] 0 Comments

How to Apply DevOps Culture to Security & Why You Should Do It

by Pete Cheslock, posted in Cloud Security, Security, DevOps, SecOps, Security-Enabled DevOps


Unless you’ve been living under a rock (or don’t work in the tech industry), you’ve probably heard the term DevOps thrown around. A mashup of “development” and “operations,” DevOps is a mindset and set of practices that focus on collaboration and communication between software developers and other IT professionals with the goal of automating both software delivery and infrastructure changes.

Read More [fa icon=long-arrow-right"]

Jun 17, 2016 8:35:26 AM

[fa icon="comment"] 0 Comments

Why Did We Need to Invent DevSecOps?

by Tom McLaughlin, posted in Cloud Security, DevOps, SecOps, DevSecOps


While the term "DevSecOps" has started to come up more often recently, we’re still wrapping our heads around “DevOps” to answer questions such as "How do I implement DevOps?", "Where do I find DevOps engineers?", and "What does DevOps even mean because I just asked 6 people and got 8 different answers?"

Read More [fa icon=long-arrow-right"]

Jun 1, 2016 3:32:37 PM

[fa icon="comment"] 0 Comments

A Look Back at DevOpsDays Austin 2016

by Pete Cheslock, posted in DevOps, SecOps, DevSecOps


Last week I had the pleasure of attending DevOpsDays Austin with my team from Threat Stack Cloud Security, one of the event’s sponsors. DevOpsDays has been growing at an incredible rate, and this year’s event was moved to a larger venue, the Darrell K. Royal–Texas Memorial Stadium. Once again, the organizers prepared a top tier event, showcasing DevOps, Security, Culture, and even a dedicated Containers track.

Read More [fa icon=long-arrow-right"]

May 10, 2016 12:46:02 PM

[fa icon="comment"] 0 Comments

The Weekly Security and DevOps News Brief

by The Threat Stack Team, posted in Cloud Security, Security, DevOps, SecDevOps, SecOps, Cloud


A lot happened in the world of security and DevOps this week. Here are top posts we saw:

Read More [fa icon=long-arrow-right"]

Apr 22, 2016 3:18:30 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all