Iron Clad DevOps Security for your EC2 Environments: Webinar with GigaOM

Join Threat Stack’s Director of Ops & Support, Pete Cheslock, as he discusses the security needs of modern, DevOps-managed infrastructures with Greg Ferro, Independent Analyst, and Matt Sarrel, Executive Director of Sarrel Group, in next week’s GigaOM webinar. 

With the lack of sophisticated security features in public cloud infrastructure environments like AWS, it’s critical for DevOps teams to implement audit trails in order to adhere to compliance and regulation mandates. Continuous security monitoring is the answer and on February 11th, Pete, Greg and Matt will be discussing the importance of having this new level of visibility into an entire EC2 attack surface. 

Read more “Iron Clad DevOps Security for your EC2 Environments: Webinar with GigaOM”

The Linux “Grinch” Vulnerability: Separating Fact From FUD

Recently, a security firm reported what they claimed to be a flaw with a major impact on organizations running Linux. (And apparently since all the rage these days is to give bugs code names, they pre-seeded the market with this timely one: “grinch”).

Linux software bugs have been huge this year, leaving administrators reeling to patch themselves from Shellshock, Heartbleed, POODLE, etc. With claims that this vulnerability could have an impact similar to Shellshock, I really wanted to dive into what the “grinch” bug means in order to separate the fact from the FUD.

Read more “The Linux “Grinch” Vulnerability: Separating Fact From FUD”

4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices

I’ve spent most of my career in Operations, and the last 5 years at various organizations advocating and instilling DevOps principles in the teams I work with. One thing I’ve noticed is that most companies value speed over security, which has traditionally been a blocker in delivering software.

Recently, however, with more and more breaches and vulnerabilities reported (Shellshock and Heartbleed to name a just few), I’ve changed my tune. I’m not going to say I’ve become paranoid, but one of the reasons I’ve joined Threat Stack is because I believe how important it is that security gets integrated into the operations process.

Read more “4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices”

Bringing Infosec Into The DevOps Tribe: Q&A With Gene Kim

Last week, I had a call with Gene Kim, founding CTO of Tripwire and author of The Phoenix Project (see end of post for more details). I’ve known Gene from the DevOps community for awhile now, so we took this time to dive into all things DevOps and Security, in the end resulting in this great Q&A to share with you all on what bringing Security into DevOps means for us all.

Read more “Bringing Infosec Into The DevOps Tribe: Q&A With Gene Kim”

Threat Stack Introducing SecDevOps at AWS Summit New York

Next Thursday, we will be at the AWS Summit 2014 in New York meeting with AWS users from across the country — many of which are our own customers — as well as leading the discussion around the intersection of Security, Development and Operations and what that means for continuous monitoring in EC2.

Read more “Threat Stack Introducing SecDevOps at AWS Summit New York”