Pat Cable's Latest Blogs

20 total posts.

4 Min Read
Enabling EMR Self-Service With ChatOps

Pat Cable

February 27, 2020

The Threat Stack Security Operations Center loves data. And Threat Stack has a lot of data! Our SOC analysts leverage Amazon Elastic MapReduce and ...

4 Min Read
Tips on How to Stay Secure at Conferences

Pat Cable

December 10, 2019

At Threat Stack, we attend a lot of conferences: They can be a powerful way to connect with like-minded professionals and educate yourself on ...

6 Min Read
Protecting Infrastructure With TLS Client Authentication

Pat Cable

September 12, 2019

Here at Threat Stack we really like Yubikeys — and they’re a critical part of our security program. Many folks know Yubikeys for their ability to ...

2 Min Read
Trash Taxi: Taking Out the Garbage in Your Infrastructure

Pat Cable

August 29, 2019

Trash Taxi: A Lifecycle Management Tool for Superuser Discovery & Cleanup ...

3 Min Read
How to Create a Threat Model for Cloud Infrastructure Security

Pat Cable

October 30, 2018

"Our Motto is: Threat Modeling: The sooner the better, but never too late." — OWASP. The practice of creating a threat model can help teams ...

3 Min Read
How to Avoid Targeted AWS Attacks With Secure AWS Keys

Pat Cable

July 25, 2018

If the headlines are any indication, hackers continue to exploit vulnerabilities in cloud infrastructure platforms, with targeted AWS attacks ...

3 Min Read
Access Management Lessons From Timehop’s Cloud Security Breach

Pat Cable

July 10, 2018

Over the past couple of weeks, both Macy's and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup ...

3 Min Read
Three Homegrown SecOps Tools Used by the Threat Stack Team

Pat Cable

July 9, 2018

As a security company, there’s a lot of pressure to keep our data secure while still moving fast and innovating on product development. I find the ...

15 Min Read
21 InfoSec and AWS Experts Reveal the #1 Mistake Companies Make When It Comes to AWS Security (and How to Avoid It)

Pat Cable

May 16, 2018

More companies are moving to the cloud than ever before. Amazon Web Services (AWS) is one of the most popular cloud platforms, and for good reason: ...

4 Min Read
What Happens When You Sacrifice Security for Speed (And Common Ways Security Gets Sacrificed)

Pat Cable

May 3, 2018

No matter where you sit in your organization, you should know what happens when you sacrifice security for speed. Threat Stack recently surveyed ...

3 Min Read
The 5 Biggest Obstacles to SecOps Success

Pat Cable

April 12, 2018

Even organizations that understand the importance of cybersecurity in theory often stumble when it comes to marrying security initiatives with their ...

3 Min Read
How to Get Your SaaS Company SOC 2 Compliant With Minimal Headaches

Pat Cable

February 27, 2018

SOC 2, which was developed by the American Institute of CPAs (AICPA), is specifically designed for service providers storing customer data in the ...

3 Min Read
Velocity and Security: 5 Posts to Help You Get Security Up to Speed

Pat Cable

November 30, 2017

There’s a lot of talk in the business world — especially the software-driven side of it — about achieving and maintaining velocity. The ability ...

2 Min Read
VPNNotify: A VPN Notification bot for Slack

Pat Cable

September 5, 2017

In an earlier post, we talked about how we implemented centralized authentication at Threat Stack. This project initially allowed us to create ...

2 Min Read
Authkeys: Making Key-Based LDAP Authentication Faster

Pat Cable

April 21, 2017

Authkeys, Threat Stack’s new open source tool, performs LDAP lookups of SSH keys without the need for using scripts or other interpreted code. You ...

2 Min Read
Balancing Security and Your On-Call Rotation Using Deputize

Pat Cable

April 14, 2017

Threat Stack, like many other Software-as-a-Service providers, has an on-call rotation. During any week, two members of our engineering organization ...

6 Min Read
Reliable UNIX Log Collection in the Cloud

Pat Cable

February 28, 2017

One way organizations can improve their security and operational ability is to collect logs in a central location. Centralized logging allows ...

4 Min Read
Securing User Credentials With the YubiKey 4

Pat Cable

December 20, 2016

I’m a big fan of the YubiKey 4. The YubiKey is a security device that originally outputted a 44-character “one time password” that could be ...

5 Min Read
Five Lessons We Learned on Our Way to Centralized Authentication

Pat Cable

October 25, 2016

In many startups, centralized authentication is a "future us" problem. Setting up centralized auth is useful for managing your network, but requires ...

4 Min Read
Protecting Sensitive Credentials by Sharing Secrets in the Cloud

Pat Cable

October 6, 2016

In the life of many organizations, developers and operations people need credentials that they can use in case of emergency — when, for example, ...