This may be the scariest thing you read today . . .

A couple of weeks ago, we posted a survey so people could evaluate their cybersecurity savvy.

And the results are . . .

Well, let’s just say that most of us could brush up our security smarts.

Instead of reviewing the entire survey here, we’re going to focus on three of the questions where most of us were off the mark — and then, if you want, you can take (retake) the quiz to see how well you do.

Meet the TUGG’s Guppy Tank: HiTech, the Next Generation

Every year around this time, Threat Stack looks forward to taking part in TUGG’s (Technology Underwriting Greater Good) ‘Tech Gives Back’ day.

Each TUGG event finds us doing something fun, different, and valuable for the community. This year we had the honor of hosting a class of grade 6 students for a fun Guppy Tank event. Yes, it’s what it sounds like… shark tank, for the littles, but with a serious business attitude.

A Look Back at ChefConf 2017

Last week, over a thousand Chefs descended on the city of Austin for ChefConf 2017. The recipe for the week was two days of talks, numerous technical workshops, a heavy dose of innovation, and a dash of 70’s cover bands. Chef introduced their Chef Client 13 and showed off their newer technologies, like Chef Automate and Habitat, their application configuration and management software. The Threat Stack team (Tom McLaughlin and I) showed up to exhibit with donuts, socks, and plenty of cheesy puns — that’s right, we can help you be SOCK compliant.


It was great engaging with the DevOps community and learning more about the challenges everyone is facing as technology evolves faster than anyone can keep up. Throughout the conference, I learned about all of the technological advances that Chef and friends are making and noticed some trends across all the talks and conversations I had with attendees. Here are three of the high-level themes I took away.

5 Key Takeaways From DevOpsDays Austin 2017

Once again Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat it’s clear that this vibrant conference is continuing to expand, with its year-over-year increase in the number of attendees (650) and sponsors (40). Of particular note: the importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOpsDays Austin.


Threat Stack Visitors Guide to Boston

Welcome to Boston!

Our city plays host to many tech conferences throughout the year — and Threat Stack actively sponsors and participates in many of these. To help you with your stay, we’ve compiled a comprehensive map of Boston, attempting to be both helpful (Where’s a nearby pharmacy?) and inclusive (Where are some kosher or halal eating options?).


Cicadas & Security, Part 2: When a Verified PGP Key Takes You on a Trip to the Desert

Update!

A message from Cicada was discovered on Pastebin at the end of April 2017. It read “Beware false paths.  Always verify PGP signature from 7A35090F” and was, in fact, signed using the appropriate Cicada 3301 PGP key. Read further to find out how you can verify messages from Cicada and get involved in solving the latest puzzle.


Since our first installment in this series, there has been little excitement around the Cicada 3301 community, as a verified clue has yet to surface online or, as far as we know, in real life. A user going by the handle CicadaDave came forward on Reddit claiming to be part of a four-person team behind Cicada. His original post has since been deleted, but a lone comment remains on the account stating “I am Michael Cicada, aka Cicada Dave. We created Cicada 3301 as a joke between 4 bored MIT students. I am on Facebook if you have questions.”


DevOpsing at Home

I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home.

How to Use Ops Tools for Security and Security Tools for Ops

Investing in SecOps doesn’t just mean hiring folks who know how to blend together software development, IT operations, and security skillsets. It also doesn’t just mean telling your DevOps team to run secure or scolding your security team into moving fast enough to keep up with continuous deployment.

Truly committing to SecOps means investing in tools that can do double (or triple) duty — helping you not only release code continuously but ensure that everything from your back-end infrastructure to your customer-facing applications is 100% secure. It means investing in tools that make meeting both DevOps and security best practices simple and straightforward.

As DevOps expands to include more security functions and security evolves to be more agile, it’s never been more important (or economical) to be able to use operational tools for security and security tools for operations. DevOps teams want software that can integrate critical functions of security, like alerting, directly into their current processes. Security teams want tools that let them seamlessly interact with DevOps.

Here’s what that should look like.

Boston Cloud Security & Incident Management Workshop Recap

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination!