How to Make SecOps Work in the Real World

Smart organizations already know that running securely is key to success in today’s competitive landscape. So why isn’t security table stakes in 2018?

Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal, yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.

It’s clear that the challenge is how to make SecOps work in the real world. Whether you’re challenged by a security talent shortage, siloing between teams, out-of-date skills, or major rifts in perception, it is possible to better integrate SecOps using the right strategy.

To help you apply security best practices to your organization, let’s take a look at four concrete ways that teams can begin to close the SecOps chasm.

Are You Ready for GDPR Compliance? Here’s a Checklist.

The European Union’s General Data Protection Regulation (GDPR) is going into effect in just two months — on May 25, 2018. Yet a recent Forrester report indicates that only about 30% of companies say they’re ready to comply, and at least some of those firms are actually overstating their readiness.

If you haven’t completed your preparations or you’re not confident about your status, we’ve created the following checklist to help your organization prepare for the upcoming changes. We hope you find it useful.

Upcoming Webinar — Good, Fast, or Secure? Why DevOps Means You Don’t Have to Choose

Live Tuesday, March 27 at 1:00 p.m. EST

Overview

Common wisdom holds that, when it comes to software releases, you can only have two of: good, fast, or secure. But we don’t agree at all. When DevOps is implemented thoughtfully and holistically — and when security is brought into the process early — it’s entirely possible to release high-quality, secure code as quickly as the market demands.

In this webinar, we’ll walk you through exactly how Threat Stack has avoided sacrificing security on the altar of speed and share best practices to help you achieve the holy trinity of good, fast, secure code at your organization.

How Threat Stack Does DevOps — Series Overview

Pete Cheslock, Threat Stack’s Senior Director of Operations, has just published a four-part blog series that gives deep insights into his experience “doing DevOps” at a variety of companies — in particular, his highly successful experience building DevOps practices into the fabric of Threat Stack virtually from day one.

We encourage you to read the entire series: It’s loaded with great accounts of what works and doesn’t work in real-life environments — there’s nothing academic about Pete’s approach — and also offers up lots of practical advice you can draw on if you’re trying to figure out the best way to implement DevOps in your organization. But before you dive in, we thought we’d offer up a reader’s digest version to get you going.

How to Achieve Type 2 SOC 2 With Zero Exceptions — Webinar Recap

SOC 2 compliance is one of the most common customer use cases we come across here at Threat Stack. Developed by the American Institute of CPAs (AICPA), the framework is designed for service providers storing customer data in the cloud, and SaaS companies among others often turn to us as they begin to feel overwhelmed by the requirements.

Having undergone a Type 2 SOC 2 examination ourselves, Threat Stack’s Senior Director of Operations Pete Cheslock, and Senior Infrastructure Security Engineer Pat Cable, gathered for a webinar recently to discuss exactly what we did to achieve SOC 2 compliance with zero exceptions. Read the recap below, or listen to the full webinar here.

52% of Companies Sacrifice Cybersecurity for Speed — Webinar Recap

Our recent survey found that over 50% of companies admit to cutting back on security measures to meet a business deadline or objective. As long as companies are willing to sacrifice security at the altar of speed, the long-held dream of marrying DevOps and security simply won’t become reality.

To speak to the issue, Threat Stack’s Head of Operations, Pete Cheslock, and PagerDuty’s Senior Application Security Engineer, Franklin Mosley, joined the SANS Institute for a recent webinar. You can listen to the full webinar here or read the major takeaways below.

Upcoming Threat Stack / PagerDuty Webinar: 52% of Companies Sacrifice Cybersecurity for Speed

Live Thursday, March 1 at 1:00 p.m. EST (18:00:00 UTC)

Overview

A recent Threat Stack survey finds that over 50% of companies admit to cutting back on security measures to meet a business deadline or objective. As long as companies are willing to sacrifice security to gain speed, the long-held dream of marrying DevOps and security won’t come true.

Who & What

Join this webinar to hear Pete Cheslock, Threat Stack Senior Director of Operations, and Franklin Mosley, PagerDuty Senior Application Security Engineer, discuss the current status of SecOps along with critical gaps and obstacles.

Here are a few of the survey findings:

  • 68% of companies say their CEO demands that DevOps and security teams do nothing to slow the business down
  • 57% say their Operations team pushes back on security best practices
  • 44% of developers aren’t trained to code securely

When

  • Live Thursday, March 1 at 1:00 p.m. EST (18:00:00 UTC)

New eBook: 5 Ways to Strengthen Your SaaS Security & Build Customer Loyalty

The SaaS subscription model can make churn an unavoidable issue because there’s nothing to prevent customers from cutting ties with one provider and moving to another.

As a security or operations professional at a SaaS company, you know you have to address trust and loyalty at the platform level so your customers experience optimal performance. You also know you have to deal with the unique security requirements associated with your SaaS infrastructure. The good news is, if you take steps to ensure platform stability, performance, and data security, you’ll be well-positioned to attract prospects and build long-term customer trust.

To help you get there, our new eBook — 5 Ways to Strengthen Your SaaS Security & Build Customer Loyalty — offers practical advice and specific steps you can take to avoid operational pitfalls, secure your SaaS business, and give customers the assurances they need to stay loyal to your service.

Strategies for Measuring and Monitoring the Cloud Like a Boss — Webinar Recap

As you’re probably well aware by now, security is different in the cloud. The good news, of course, is that running in the cloud offers more visibility than ever before. It’s now possible to gain a bird’s-eye view of your entire environment, something that was unimaginable with on-premise data centers.

In partnership with Dark Reading, Threat Stack’s VP of Product, Chris Ford, got together in a recent webinar to discuss measurement and monitoring in the realm of cloud security with Rich Mogull, CEO and Analyst at Securosis. You can read the recap below or view the entire webinar here.

T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap

The GDPR deadline is looming large. With fewer than 100 days until May 25, many U.S. companies are still unsure what their responsibilities are under GDPR and what steps they need to take to meet new requirements.

To help you prepare, Threat Stack product marketing manager Hank Schless got together with Paul-Johan Jean, GDPR legal consultant at Sphaerist Advisory, to give a high-level summary of GDPR responsibilities for U.S. companies in a recent webinar. You can either stream the archived webinar right now, or read the recap below.