If you’ve ever hired security pros, then you know the current talent shortage is no joke. A recent Computerworld survey found that compensation for security specialists is growing faster than for any other role in IT (up 6.4% year-over-year in average total compensation), and the competition for talent is fierce. Finding the right talent can be a lengthy process, leaving your security hopes and dreams in limbo.
So, what’s an organization to do? Many companies are working hard to streamline security operations and answer the talent shortage with changing tactics to match the changing role of security. Organizations need to maximize the value of their security hires now more than ever. Below, we’ll cover five tips that can help you get the most out of your security team’s time and talents. Read more “5 Tips to Streamline Your Security Team”
If you’re already on the Slack bandwagon, then you have probably experienced first-hand how it can make communications between teams far simpler and more streamlined. With 1.7 million daily active users, it’s clear Slack has come to dominate the team chat world, especially in tech and tech-savvy industries.
From a security perspective, Slack has done a solid job of keeping its assets on lock. In 2016, they scored Geoff Belknap from Palantir to become chief security officer. And they have been pretty transparent about their approach to security. They have dedicated a whole section of their website to it and published interviews with Belknap and others that delve into Slack’s precautions and philosophy around security. Belknap says, “My job is to worry. Professionally. So that our customers don’t have to.” We love that attitude!
The company has also gone to the trouble of certifying many of its products to meet stringent compliance regulations like FINRA, HIPAA, and SOC 2 and 3, which makes it a no-brainer for small teams and enterprises alike.
So, we feel that it’s perfectly possible for companies of all shapes and sizes to lean on Slack for team chat and ops without worrying too much about security. But, we also believe in the shared responsibility model when it comes to any form of online security. No one’s perfect, and Slack’s ubiquity and popularity mean that it will always be a target for cybercriminals looking to steal information.
There’s no need to run scared, but you do need to be smart about how you use this valuable tool. Here are our tips for running Slack securely at your organization. Read more “How to Stay Secure on Slack”
Jump Starting Cloud Security Playbook
Learn how to establish a cloud security baseline and rapidly strengthen your security.
The IRS recently issued a warning that W-2 phishing scams are on the rise. In fact, 29,000 victims have already been claimed in 2017 to date! The attacks this year have started earlier than in previous years and are targeting a broader range of businesses. It’s time we learned how to better protect ourselves against this rampant form of fraud. Read more “W-2 Phishing Scams: What You Need to Know to Stay Secure”
Exploits feed on vulnerabilities. Vulnerabilities, in turn, pave the way for exploits. These closely related security concepts are often confused, but it’s key to understand the difference and how they each play out to make sure your systems are as airtight as they can possibly be. Read more “Vulnerabilities and Exploits: What You Need to Know”
Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for a cloud security service is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture.
So here’s the question: Faced with this changing landscape, how can Security transform the way it does business in order to contribute its full value — without negatively impacting development schedules and operational procedures? Security needs to adjust to the rapid and agile world of the cloud, but the transition doesn’t have to be difficult. The Ops community faced a similar transition when it integrated with Dev, and there’s much that Security can learn from their experience.
Read more “5 Things Security Can Learn From Operations’ Transition Into DevOps”
As we hurtle into the future, it often seems that talk in the tech media revolves around cloud computing. But the reality for many companies, especially larger enterprises, is that the transition to the cloud is going to take time. In many cases, today’s environments are more of a hybrid — with some assets residing in the cloud, while others are firmly on-premise, and still more are in a state of transition. Regardless of where your organization is on this continuum, security needs to go right along with it.
The good news is that there’s no need to sacrifice security — or visibility — because some or all of your resources remain on-prem. Read more “The Realities of Hybrid Computing Today & How to Stay Secure”
A big difference in the way on-premise infrastructures and cloud infrastructures are implemented centers on the way that user permissions are assigned. As you move towards software-defined everything, where data and systems are far more connected (generally a good thing), you need to pay special attention to the roles and permissions you grant to ensure that users are only given as much access as they absolutely need. No more, no less. Read more “Considerations For Creating Secure User Groups on AWS Using IAM”
Security is a shared responsibility when you run your business on Amazon Web Services (AWS). To hold up your end of the bargain, there are many best practices at companies should be employing early on (but often don’t) to ensure that they’re maintaining security and that it can scale as the company grows.
Read more “Best Practices for Implementing & Scaling Security in AWS”
10 Best Practices for Securing AWS Workloads
Read this eBook to develop a comprehensive security posture in the cloud in 10 steps.
There’s no question that Amazon Web Services is an incredibly powerful and secure cloud services platform for delivering all sorts of software applications. AWS offers an extensive number of products and services for creating a scalable, reliable, and flexible architecture that meets the unique needs of your development. However, it can be difficult to know how to approach securing your AWS infrastructure. While we can’t give you insight into all of them, of course, we are going to talk about the security benefits provided by three of our favorites, just to get you started.
Ask three people what SecOps is and chances are you’ll get three different descriptions:
- It’s a team
- It’s a job title
- It’s a methodology
All of these definitions are, in fact, correct. Smaller companies may implement a SecOps methodology where everyone is a security ambassador, whereas larger companies with more personnel can assemble an entire team and designate specific SecOps job titles. Whichever is the case for you, there are five ingredients that must be part of any successful SecOps implementation. Read more “The 5 Ingredients of a Successful SecOps Implementation”