Container Security: Winter is Coming — Dress in Layers!

Recently I had the pleasure of joining hundreds of DevOps pros, IT managers, and security engineers at the first ever Container Security event at LEGOLAND. Attendees discussed the newest technologies, scariest threats, and biggest trends in the evolving world of container security. If you weren’t lucky enough to be a part of the fun, here’s a quick recap of what Threat Stack’s Director of Product, Todd Morneau, spoke about. Read more “Container Security: Winter is Coming — Dress in Layers!”

Lessons in Resilience: A Conversation on Security at REdeploy 2018

I spent last week out in San Francisco at REdeploy to learn about Resilience Engineering and what it means to build solid, sustainable infrastructures, organizations, and teams. This was the first conference of its type, and it did not disappoint.

While there was an incredible lineup of speakers, the real value, in my opinion, came from the engagement and discussions that took place after the on-stage talks. Not only did the speakers and attendees mingle at every break, but the conference organizers also hosted a speaker panel at the end of each day where attendees could ask questions, and the speakers themselves could discuss some of the themes presented throughout the day. I eagerly took advantage and sat down with a few people to find out what Security means for Resilience Engineering. Read more “Lessons in Resilience: A Conversation on Security at REdeploy 2018”

Security Observability: Operationalizing Data in Complex, Distributed Systems

It’s 2018 — companies are using multiple cloud providers, shifting to microservices, moving monoliths into containers, or maybe even moving to a serverless-style architecture. And while these are the trendy things to do right now, are they right for the business today? Will they be right or wrong for the business tomorrow? Is what we’re doing too complex if the Next Big Thing comes along and you want to leverage it without having to complete a major lift-and-shift?

Regardless of the direction your company is moving in, change is a great opportunity to evaluate your security practices and consider how you can add observability to your operations. Read more “Security Observability: Operationalizing Data in Complex, Distributed Systems”

Black Hat USA 2018: A SecOps Recap

Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp). Read more “Black Hat USA 2018: A SecOps Recap”

Planning to Join the Other 50,000 Security Aficionados at Black Hat USA?

Secure the Strange Things Happening in Your Cloud

Booth #2316 | August 8 – 9 | Las Vegas, NV

Black Hat USA is coming up fast!

So plan your activities now, starting with a visit to Booth #2316 where Threat Stack’s experts will be waiting to say Hi, hand out some great swag, and share ideas on how your Security and Operations teams can address their unique security and compliance issues when building in the cloud. Read more “Planning to Join the Other 50,000 Security Aficionados at Black Hat USA?”

101 AWS Security Tips & Quotes, Part 1: Essential Security Practices

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s imperative that organizations develop comprehensive, proactive security strategies that build security in from Day 1 and evolve as their infrastructures scale to keep systems and data secure.

To help as you create a strong security posture for your organization, we’ve compiled a list of 101 AWS security tips and quotes from cloud experts and security thought leaders (including a few from Threat Stack).

To make the list manageable, we’ve divided it into four separate blog posts, which we’ll publish over the next few weeks:

  • Part 1: Essential Security Practices
  • Part 2: Securing Your AWS Environment
  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices

Read more “101 AWS Security Tips & Quotes, Part 1: Essential Security Practices”