8 Min Read

Ask Us Anything: Recap on How to Get Started With DevOpsSec

The Threat Stack Team

March 15, 2017

You’re probably familiar with DevOps by now. It’s the collaboration between Development and Operations teams by leveraging the same tools and ...

3 Min Read

DevOpsing at Home

Vitaliy Zakharov

March 13, 2017

I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for ...

6 Min Read

Reliable UNIX Log Collection in the Cloud

Pat Cable

February 28, 2017

One way organizations can improve their security and operational ability is to collect logs in a central location. Centralized logging allows ...

16 Min Read

Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 2

Tom McLaughlin

February 26, 2017

In Part 1 of this post we explained how you can find all the secrets in your environment. In Part 2 we will discuss effective ways to store and ...

3 Min Read

How to Use Ops Tools for Security and Security Tools for Ops

Tim Armstrong

February 17, 2017

Investing in SecOps doesn’t just mean hiring folks who know how to blend together software development, IT operations, and security skillsets. It ...

5 Min Read

Parsing Simple Grammars in Scala With parboiled2

Ryan Plessner

January 25, 2017

parboiled2 is a Macro-Based PEG Parser Generator written in Scala. It has become our preferred tool for creating parsers for simple grammars. It ...

6 Min Read

Test Systems: The Soft Underbelly of System Security

Apollo Catlin

December 22, 2016

Test systems are the guts of your overall system design. Test systems embody an incredible amount of the history of how your team’s code and ...

4 Min Read

Securing User Credentials With the YubiKey 4

Pat Cable

December 20, 2016

I’m a big fan of the YubiKey 4. The YubiKey is a security device that originally outputted a 44-character “one time password” that could be ...

2 Min Read

Unit Testing With Webpack & Mocha

Vitaliy Zakharov

December 19, 2016

After moving our build infrastructure to webpack, one of the hurdles we had to overcome was finding a good way to run unit tests. Quite a few ...

4 Min Read

4 Ways to Make Tech Debt Great Again

Lucas DuBois

December 6, 2016

The cursor blinks steadily as you stare at a line of code that seemingly serves no purpose. You’re trying to fix a bug that is clearly manifested ...

5 Min Read

5 Things Security Can Learn From Operations' Transition Into DevOps

Tom McLaughlin

December 2, 2016

Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for a ...

4 Min Read

Too Big to Succeed: Monolithic Madness

Lucas DuBois

November 28, 2016

We’ve all been there. You start your pretty new [insert language here] project, with a vow to do things right. You carefully discuss the project ...

4 Min Read

Ramping up on Finch: Avoiding Common Gotchas

Ryan Plessner

November 23, 2016

While we have been using Scala for awhile at Threat Stack, we haven’t been overly satisfied with the HTTP servers that we have used. So a few ...

5 Min Read

Vulnerability Management: Navigating the Deep Dark Pit of Version Numbers

Tim Armstrong

November 8, 2016

One of the first things any security practitioner will tell you to do is keep your software up to date. It’s the number one way to protect against ...

6 Min Read

C++ in the Linux kernel

Nathan Cooprider

October 28, 2016

I've seen some crazy things. I've also done some crazy things. I’m going to tell you about one of them. A developer walks into a bar. He then ...

5 Min Read

Five Lessons We Learned on Our Way to Centralized Authentication

Pat Cable

October 25, 2016

In many startups, centralized authentication is a "future us" problem. Setting up centralized auth is useful for managing your network, but requires ...

3 Min Read

The SecOps Playbook: What I’ve Learned About Integrating Security Into DevOps

Pete Cheslock

October 21, 2016

The Threat Stack SecOps Playbook is now available! Why We Created a SecOps Playbook I have experienced the transition to SecOps up close and ...

3 Min Read

A Look Back at AppSecUSA: From Application Security to DevOps and Beyond

Tim Armstrong

October 18, 2016

Last week I spent two fantastic days in Washington, DC attending the AppSecUSA Conference on behalf of Threat Stack, one of the event’s Silver ...

8 Min Read

Useful Scala Compiler Options, Part 3: Linting

Ryan Plessner

October 4, 2016

In my previous two posts on Scala Compiler options, we saw a number that can improve your experience developing Scala. In this post I want to focus ...

4 Min Read

My Journey in Scala, Part 3: None is Better Than Undefined

Joe Baker

September 26, 2016

Here’s the situation: At Threat Stack we consume a torrent of security event data every day, and as many new customers come on board, the amount of ...

4 Min Read

How to Create a Security-Minded DevOps Organization: Three Best Practices

Pete Cheslock

September 22, 2016

You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, ...