It seems that organizations are finally understanding the importance of bridging the gap between security and operations. In a survey we conducted recently, 85% of respondents said that employing SecOps best practices is an important goal for their organizations. Nevertheless, only 35% reported that SecOps is currently an established practice.
When it comes to the ideal of marrying security and operations, many are held back by a lack of expertise. The cybersecurity skills gap has created a severe talent drought in the industry, which is expected to leave 3.5 million cybersecurity jobs open by 2021.
It’s worth looking at what the qualities of an ideal security hire are in today’s business climate, and why it’s so difficult to find these types of professionals. In this post, we’ll outline the skill sets that cybersecurity professionals need to cultivate in the age of the cloud, explain why that ideal is so hard to find, and offer practical advice for moving your SecOps program forward, regardless of who you’re able to bring on your team full-time. Read more “Profile of an Ideal Security Hire in 2018”
Congratulations to Evident.io on having your cloud story acquired by Palo Alto Networks. Your vision, passion, and commitment have been rightly recognized and rewarded.
At Threat Stack we are thrilled by this news — this acquisition further validates the conviction of the IT security market to invest in, and adapt, their approaches to the changing needs of customers driven by broad public cloud adoption. After all, no company is just a software company — they are also quickly becoming a cloud company. Read more “Destiny is Defined by the Journey: Evident.io Acquired by Palo Alto Networks”
Good CEOs are committed to moving their companies forward, increasing revenue, and ensuring that their teams are productive. When business challenges arise, they approach them with the best intentions. After all, it’s the CEO’s job to have the company’s best interests in mind.
Recently, at Threat Stack, we surveyed DevOps and security pros to learn how cybersecurity is being implemented at their companies. In this post, we’re sharing what we learned about how a CEO’s attitude to and perspective on cybersecurity can affect the whole organization, as well as how to approach the challenges that may arise. This is the first in a series of four posts where we dive into the data we unearthed during this survey. Read more “How CEOs Can Be a Cybersecurity Liability (And What to Do About It)”
Live Thursday, March 1 at 1:00 p.m. EST (18:00:00 UTC)
A recent Threat Stack survey finds that over 50% of companies admit to cutting back on security measures to meet a business deadline or objective. As long as companies are willing to sacrifice security to gain speed, the long-held dream of marrying DevOps and security won’t come true.
Who & What
Join this webinar to hear Pete Cheslock, Threat Stack Senior Director of Operations, and Franklin Mosley, PagerDuty Senior Application Security Engineer, discuss the current status of SecOps along with critical gaps and obstacles.
Here are a few of the survey findings:
- 68% of companies say their CEO demands that DevOps and security teams do nothing to slow the business down
- 57% say their Operations team pushes back on security best practices
- 44% of developers aren’t trained to code securely
As a SaaS provider, securing your environment from known threats is one thing, but how about the unknown? That’s a different story altogether, and it’s exactly why the security community is so worked up over Meltdown and Spectre. With so much to learn about the newly discovered vulnerabilities and the threats they pose, many have been sent into a bit of a tailspin. But, before you give in to the panic, we’ve laid out specific steps below that can help you mitigate the risks in order to keep your data and that of your customers secure. Read more “Meltdown & Spectre: How to Secure Your SaaS Environment From Unknown Threats”
At Threat Stack, we believe in building a security culture that starts at the top and functions as a cross-organizational discipline. Achieving this goal requires education and transparency among business partners. That’s why we at Threat Stack have built our own internal security council, which meets regularly and reviews issues that are relevant and timely for our organization. Read more “How a Cloud Security Company Runs Its Security Council”
As a SaaS company, your time and resources are valuable. You need to make solid, strategic decisions about where to focus your time and energy. You also need to ensure that your organization is secure and compliant in the ways that matter to you and to your customers.
When it comes to security tools, there are a few options:
- Build your own
- Buy a bunch of point solutions
- Use open source security tools
- Invest in a security platform
Read more “The Costs of Open Source & Point Solutions for SaaS Security”
Live January 30 at 1:00 p.m. EST (10:00 a.m. PST)
Today’s headlines are full of dire news about the latest cybersecurity threats, and without fail, these blur the lines between hype and reality.
As a security, technology, or product leader, you need to separate fact from fiction so you can give your stakeholders an accurate picture of the security and compliance issues your company is facing along with a realistic plan for how you intend to manage them. Read more “Upcoming Webinar: “5 Security & Compliance Questions Your SaaS Business Should be Prepared to Answer in 2018””
This post discusses the Meltdown and Spectre vulnerabilities, provides some proactive actions that can be taken to mitigate them, and also discusses the use of behavior-based analysis to detect attacks that take advantage of these or similar vulnerabilities, regardless of their signature. Read more “Meltdown & Spectre: What You Need to Know”
It is very clear by now that the cloud has reached an inflection point. Public cloud investment continues its rapid expansion, driven in large part by business imperatives for speed and scale. Gartner projects 18% cloud growth in 2017, with an increase of 36.8% for IaaS. So, the odds are your company is running at least some of its infrastructure in the public cloud.
Of course, no matter how many benefits it offers, it is often not possible for organizations to make a clean leap to the cloud. Many find themselves with infrastructures that include cloud, multi-cloud, hybrid, on-premise, and containerized environments. So what do you need to do to protect these complex structures?
We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to learn more about the realities of hybrid environments today. Below are some of our findings as well as recommendations on how to secure your environment, no matter what it consists of. Read more “Hybrid Security: How to Protect a Complex Environment”