Once again Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat it’s clear that this vibrant conference is continuing to expand, with its year over year increase in the number of attendees (650) and sponsors (40). Of particular note: The importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOps Days Austin.
Welcome to Boston!
Our city plays host to many tech conferences throught the year — and Threat Stack actively sponsors and particpates in many of these. To help you with your stay, we’ve compiled a comprehensive map of Boston, attempting to be both helpful (Where’s a nearby pharmacy?) and inclusive (Where are some kosher or halal eating options?).
A message from Cicada was discovered on Pastebin at the end of April 2017. It read “Beware false paths. Always verify PGP signature from 7A35090F” and was, in fact, signed using the appropriate Cicada 3301 PGP key. Read further to find out how you can verify messages from Cicada and get involved in solving the latest puzzle.
Since our first installment in this series, there has been little excitement around the Cicada 3301 community, as a verified clue has yet to surface online or, as far as we know, in real life. A user going by the handle CicadaDave came forward on Reddit claiming to be part of a four-person team behind Cicada. His original post has since been deleted, but a lone comment remains on the account stating “I am Michael Cicada, aka Cicada Dave. We created Cicada 3301 as a joke between 4 bored MIT students. I am on Facebook if you have questions.”
I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home. Read more “DevOpsing at Home”
Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.
Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination! Read more “Boston Cloud Security & Incident Management Workshop Recap”
When you think of alternate reality games (ARGs), things such as Ingress or Pokemon GO probably come to mind. While thinking about ways to use encryption or navigate the Tor network, you most likely wouldn’t think to start by browsing 4chan’s /x/ (paranormal) board. Yet on January 5, 2012 many people found themselves intrigued and began their journey to greater security knowledge, and perhaps to “enlightenment” (as a later puzzle states). Read more “Cicadas & Security: How an Alternate Reality Game Teaches Encryption and Security Best Practices, Part 1”
One of our goals at Threat Stack is sharing information that will help you learn about the current cloud security threat landscape in order to effectively and more easily manage your organization’s security issues — and confidently get on with running your business.
To this end, the Threat Stack blog is a terrific repository of articles that cover a range of security topics. If you’re not a regular reader, we encourage you to start exploring — and in the meantime, have a look at the ten most-read posts of 2016. Read more “According to Our Readers: Threat Stack’s Top 10 Blog Posts for 2016 (and More)”
Recently the Galactic Empire’s Death Star plans were leaked due to a security breach on the planet Scarif. A threat actor known as ROGUE ONE carried out the breach with support from the Rebel Alliance fleet. This post mortem has been commissioned by the Imperial Security Bureau and documents what is currently known while active investigation continues.
This breach is not expected to delay construction of the Death Star. The battle station is expected to be operational by its previously announced date, if not before. Read more “Post Mortem: Death Star Data Breach by ROGUE ONE”
The USENIX LISA 2016 Conference wrapped up a week ago after a tremendous five-day program of workshops, training sessions, presentations, talks, and more. Our own Pat Cable, Threat Stack Security Engineer, lent his expertise as “Invited Talks Co-Chair,” and Threat Stack was a proud sponsor of the event.
Full length presentations and videos will soon be available on the LISA site, but we thought it would be fun and informative to follow LISA’s motto of “More Craft, Less Cruft” by bringing you short video interviews with five LISA16 attendees and presenters.
So in their own words, here’s what they had to say about their favorite projects, the importance of security, and anything else that was top of mind. Read more “The USENIX LISA 2016 Conference: In Their Own Words”
Interested in attending AWS re:Invent 2017? Take a look at what we’ll be up to.
AWS re:Invent 2016 has come and gone and what an event it was! This year had a record-breaking attendance of more than 30,000 people, showing the tremendous interest in all the advantages that the cloud has to offer. The expo floor (where Threat Stack was a Gold Sponsor) mirrored this growth with many new vendors to full-scale enterprise offerings with multi-floor architectures. It’s clear from this year’s re:Invent that the cloud industry has moved out of its infancy into full scale adoption across a vast number of implementations.
So, what were our team’s key takeaways? It’s become clear that security is no longer a tax, but rather an investment into long-term organizational growth and success. Given the cloud’s explosive growth, security must be considered early on rather than as an afterthought. In addition to a strong interest in security, AWS launched many new services that will help to accelerate cloud adoption and enable companies to move even faster.