Security + Operations — Better Together!
Yesterday was a game-changer for Threat Stack and the cybersecurity community! That’s when we launched the Threat Stack Cloud SecOps Program℠, offering a radical transformation in the way Security and Operations teams can work together.
The Threat Stack Cloud SecOps Program has been purpose-built to give organizations the roadmap, technology, and people they need to integrate Security and Operations. Now companies of all sizes can securely leverage modern infrastructure and DevOps at scale!
To see for yourself, take a look at the following video where core members of the Threat Stack team give insights into the what, why, and how: Read more “Threat Stack Launches Cloud SecOps Program”
Securing any cloud infrastructure is a big job. You have to be constantly up to date when it comes to skills, tools, and technology, as well as the vulnerabilities and threats that crop up continuously. When it comes to security, being stagnant isn’t an option. A good cloud security professional only remains top notch by staying on top of the latest cloud security trends, emerging threats, and best practices.
That’s where cloud security conferences come in, bringing together top experts, cloud security thought leaders, and industry professionals to share tips, tricks, and tactics for bolstering cloud security in the modern landscape.
With the spring conference season kicking off, we’ve rounded up 50 cloud security conferences you should attend in 2018, grouped by quarter so you can easily plan your schedule for the remainder of the year:
Read more “The Best Cloud Security Conferences to Attend in 2018 and Beyond”
Good CEOs are committed to moving their companies forward, increasing revenue, and ensuring that their teams are productive. When business challenges arise, they approach them with the best intentions. After all, it’s the CEO’s job to have the company’s best interests in mind.
Recently, at Threat Stack, we surveyed DevOps and security pros to learn how cybersecurity is being implemented at their companies. In this post, we’re sharing what we learned about how a CEO’s attitude to and perspective on cybersecurity can affect the whole organization, as well as how to approach the challenges that may arise. This is the first in a series of four posts where we dive into the data we unearthed during this survey. Read more “How CEOs Can Be a Cybersecurity Liability (And What to Do About It)”
GDPR. Meltdown. Spectre. SOC 2. Coming at you like mosquitos on a hot summer night, these topics are of top concern for board members and security teams alike this year. But what do you do when these issues really aren’t of concern to your particular organization? And how can you put your board and executive team at ease when these issues hit the news?
Our CSO Sam Bisbee spoke about ways to handle and prepare for each of these hot ticket questions in yesterday’s webinar. You can view the entire webinar or read our recap below so you can begin preparing today. Read more “How to Answer Tough Board-Level Security & Compliance Questions in 2018”
Strong security is vital to any SaaS company, enabling platform stability and integrity while instilling confidence in potential customers.
There’s nothing new in this statement, but, with an eye on the bottom line, C-Level executives, board members, and VC firms often take a little more convincing when it comes to implementing new cloud security strategies — especially if it means shelling out cash for new solutions or team members. Obtaining buy-in for new security initiatives can be a time-consuming task requiring several layers of validation.
There’s a very real risk of security initiatives losing out to more obvious business drivers when it comes time for budget allocation. But as an IT or security team lead, it’s your job to advocate for security priorities. In this post, we’ll outline the steps you can take to get the green light you need for your cloud security strategy. Read more “How to Obtain Buy-in on Security Initiatives for Your SaaS Company”
The global shortage of cybersecurity talent shows no signs of abating, making it harder than ever for smaller businesses to compete for qualified talent. But even if prospects were available and even if you had unlimited budget, throwing resources at the problem would not be the best way to address your security challenges. Instead, we recommend coordinating your limited resources and rethinking security as a shared mission for the entire organization rather than a discrete department.
If you’re facing limited resources and security talent, you can still run secure by following best practices for getting the most out of what you do have. Here are four or our recommendations for running lean in the cloud. Read more “Doing More With Less: 4 Ways to Run a Successful, Lean Security Team”
Today’s marketplace is cluttered with solutions to an extensive array of security risks, from data loss to malware. However, when building your own security arsenal — especially if you are running lean — it’s essential to take a step back and think holistically about what you actually need, rather than to buy products willy nilly and end up with a pile of single-use tools that don’t integrate well.
Below are four recommendations to help you get what you actually need when it comes to cloud security tools, no matter your budget or team size. Read more “Lean Guidelines for Selecting and Managing Cloud Security Solutions”
“This code is fine, right?”
“It should be…”
“Wait… but what about this configuration?”
“Fine, I’ll test it in dev…”
This conversation sounds all too familiar, right? Your non-production environments are the foundation for the tools, applications, and services you provide to your customers. The history of every code deployment, mistake, and refinement made to create your product can be found there.
While test and dev environments serve a different purpose from production environments, they too, can be open to the outside world and introduce risk if not secured. Chances are, the data you’re storing, analyzing, or processing in non-production environments are just as sensitive as the data you push out to production. So why skimp on security here just because it’s not a production environment?
Yesterday, we hosted a brief webinar (led by our Chris Gervais, VP of Engineering) focusing on the importance of securing non-production environments and how to do so. In case you missed it, here’s the recording along with a written recap. Read more “How to Secure a Non-Production Environment (Webinar Recap)”
We recently conducted a survey with Enterprise Strategy Group (ESG) to gather data about the state of cloud security today. As they say, numbers don’t lie, and we wanted to know what the numbers say about how well organizations today are progressing toward a more secure future.
Many of the findings were positive, but we also discovered some critical gaps that need to be filled. The survey clarified what we already suspected: As companies invest in additional cloud environments, the associated complexity can lead to significant security lapses. Below, we’ll explain what these cloud security gaps are and what can be done to bridge them. Read more “Cloud Security: Common Gaps & How to Bridge Them”
Every year around this time, Threat Stack looks forward to taking part in TUGG’s (Technology Underwriting Greater Good) ‘Tech Gives Back’ day.
Each TUGG event finds us doing something fun, different, and valuable for the community. This year we had the honor of hosting a class of grade 6 students for a fun Guppy Tank event. Yes, it’s what it sounds like… shark tank, for the littles, but with a serious business attitude. Read more “Meet the TUGG’s Guppy Tank: HiTech, the Next Generation”