HIPAA Compliance Tips & Best Practices — Training Considerations

What kind of training does your organization need to support HIPAA compliance? A good way to start answering this question is to reference the Department of Health & Human Services (HHS)’s own words:

“The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized program that could appropriately train employees of all entities.” [Emphasis added. Ed.]

The standards for training are flexible. But training itself is mandatory: Training is an Administrative requirement of the HIPAA Privacy Rule (45 CFR § 164.530) as well as an Administrative Safeguard of the HIPAA Security Rule (45 CFR § 164.308).

Cloud Security Professional Development & Educational Resource Roundup

The flexibility and speed of cloud computing make it enormously appealing to organizations that are looking to leverage a strong competitive edge. As we’re all aware, however, security threats also exist in the cloud, and enterprise cloud security breaches are increasingly common. In the cloud, visibility throughout your entire infrastructure is a must for proactive risk identification and real-time threat detection across cloud workloads from build-time to runtime. To address the security challenges associated with cloud computing, many organizations are turning to trusted cloud security platforms like Threat Stack for full stack security observability

50 Best Cloud Security Training Resources

The bad news is there’s a global shortage of trained cybersecurity professionals: According to PWC, there will be 1.5 million cybersecurity job openings by 2019, and the talent market is not expected to catch up any time soon. The good news is that hundreds of quality resources are available to help both established and up-and-coming cloud security professionals educate themselves.

If you’re looking for networking opportunities and access to specialized training in your areas of interest, attending cloud security conferences is an excellent way to rack up your credentials, so be sure to visit our list of 50 cloud security conferences to attend in 2018 and beyond.

If conferences aren’t a good option for you, there are lots of other professional development avenues you can take. To help you in your cloud security training search, we’ve compiled a list of 50 different resources in a variety of categories, ranging from training courses to video content, whitepapers, and more — along with a few useful career resources to help you put those newly acquired skills to work.

It can be difficult to know which training resources are best for your situation, especially when you’re just beginning your career in cybersecurity. That’s why we’ve put this blog post together, grouping resources into logical categories that are intended to help you find resources that are best-suited to your specific needs.

Note: The cloud security training resources discussed below are not ranked in any way, and Threat Stack does not directly endorse any of them. We are simply providing them here for information purposes and have grouped them into logical categories for ease of navigation.

101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices

The fourth — and final — blog post in our series of AWS Security Tips and Quotes offers tips on AWS Security Best Practices. So far the series has covered:

Today’s post offers recommendations that include running a configuration audit, using automation to reduce errors, ensuring that you stay abreast of the latest best practices and recommendations provided by AWS and other resources — and more.

101 AWS Security Tips & Quotes, Part 3: Best Practices for Using Security Groups in AWS

Here’s the third blog post in our 4-part series of AWS Security Tips and Quotes, which is designed to help you evolve and strengthen your organization’s security, building on a proactive, comprehensive security strategy.

So far we’ve covered:

Today the spotlight falls on Best Practices for Using Security Groups in AWS (and in the final installment, Part 4, we’ll deal with AWS Security Best Practices).

50 Essential Cloud Security Blogs for IT Professionals and Cloud Enthusiasts

With revenue from the cloud computing sector expected to hit $411 billion by 2020, it’s no wonder that more and more companies are shifting their services to the cloud where flexibility and speed make it attractive for organizations looking to leverage a strong competitive edge. But operating in the cloud also gives rise to a range of security concerns.

We’re doing our part with the Threat Stack Cloud Security Platform® and our newly launched Threat Stack Cloud SecOps Program℠. And since we believe that informed people make better decisions, we’ve made it part of our mission since day one to pass on reliable security information through the Threat Stack blog. Given the rapid pace of change in cybersecurity — along with the growing need to deal with infrastructure in transition as organizations build and manage increasingly sophisticated tech stacks — current, expert content is essential to good security.

Now, as proud as we are of our own blog, there’s a huge amount of excellent information produced by other organizations. So in this post, we’ve compiled details on fifty leading blogs that help professionals stay abreast of the latest news, information, and technologies related to cloud security.

How Threat Stack Does DevOps — Series Overview

Pete Cheslock, Threat Stack’s Senior Director of Operations, has just published a four-part blog series that gives deep insights into his experience “doing DevOps” at a variety of companies — in particular, his highly successful experience building DevOps practices into the fabric of Threat Stack virtually from day one.

We encourage you to read the entire series: It’s loaded with great accounts of what works and doesn’t work in real-life environments — there’s nothing academic about Pete’s approach — and also offers up lots of practical advice you can draw on if you’re trying to figure out the best way to implement DevOps in your organization. But before you dive in, we thought we’d offer up a reader’s digest version to get you going.

How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action

Want to take a peek at the World’s Worst Data Breaches? Here you go:

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


Now that we’ve got that out of the way, let’s start this blog post over again. Our goal isn’t to frighten you or deepen the numbness you might already be feeling from the drip, drip, drip of bad cyber news.

It’s National Cybersecurity Awareness Month (NCSAM), which was launched in October 2004 as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security with the goal of raising awareness and providing education on cybersecurity issues.

The name is something of a misnomer, however. NCSAM is really designed to do more than make you aware of cyber risks. Its bigger goal is to arm you with information and tools you can use to strengthen yourself, your social groups, and your businesses against the cyber criminals who prey on us.

In the spirit of NCSAM, we at Threat Stack want to do our part by sharing some of the advice our bloggers have offered on how to take action to protect yourself and your company from cyberattacks. With that in mind, here are summaries of four recent blogs.

How to Leverage Automation to Make Your Organization Secure by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this.

How to Implement a Security Awareness Program at Your Organization

Security isn’t just a technical problem. It’s also a people problem, and keeping the people side of the security equation strong requires that all people in your organization have an awareness of security. This is why security awareness programs are so important.

The goal of a security awareness program — as you may have guessed — is to increase organizational understanding and practical implementation of security best practices. A program like this should apply to all hires — new and old, across every department — and it should be reinforced on a regular basis.

Here’s what you need to know to create a first-class security awareness program at your organization.