We want to help you make decisions that will strengthen and protect your organization while increasing its competitive edge. That’s why it’s always been part of our mandate to get you the information you need to become better informed about cybersecurity and compliance.
In this post, we’re introducing a sample of our audio offerings — audio blogs, audio case studies, and podcasts — designed to give you a new option for consuming our educational content. These resources, along with others that we offer, are intended to help you with your overall professional development and also provide information on some of the specific security and compliance issues you’re dealing with at your company.
By the way, in addition to audio resources, we’ve got plenty of old-school text materials on our Resources page. Happy listening and happy reading! And if there’s something else you’d like to hear about, let us know on Twitter.
Audio Blog Posts
Recently there has been a surge in the adoption of this container technology — and while it offers significant benefits, it also presents security challenges. If container ecosystems aren’t properly designed, deployed, and managed, they can create problems that offset or undermine the benefits. This post outlines key tips and best practices to keep in mind when implementing security with Docker.
SOC 2 is one of the more common compliance requirements technology companies must meet today. But what does SOC 2 compliance mean, and how can you go about achieving it? This post discusses the four most important things you need to know.
If you want more on SOC 2 and how to create a compliance roadmap for your organization, these two posts also provide great information:
In this post, Mark Moore, Senior Software Security Engineer on Threat Stack’s Security team, explains that compliance is not a feature of AWS; it’s the result of using it correctly. He then outlines 9 best practices that are designed to help you maintain HIPAA compliance.
Want an inside look at how we do DevSecOps at Threat Stack? Listen to T.J. Maher, Software Development Engineer in Test, as he explains how Threat Stack Test Engineers keep track of almost three hundred acceptance tests using ThoughtWorks Gauge, a free, lightweight, cross-platform test automation framework.
Given the complex and dynamic nature of cloud-native environments, this post explains why security teams must achieve full stack security observability to gain a complete 3D picture of their cloud ecosystem.
Audio Case Studies
Springbuk is a health analytics company that unifies pharmacy, biometric, and activity data, as well as medical claims so employers can make better decisions about health benefit programs. As Springbuk began to scale rapidly in AWS, they needed to ensure they were using best security practices and meeting HIPAA requirements. This case study outlines what they did to achieve their security and compliance goals.
Ethan Hansen, security analyst in the Threat Stack Security Operations Center, and John Shoenberger, Threat Stack security solutions engineer, discuss container security and the cryptojacking trends observed in customer environments.
Mark Moore, Senior Software Security Engineer at Threat Stack, and Tim Buntel, Threat Stack’s VP of Application Security, discuss ways of using security products and services to help your organization scale its security initiatives. They also discuss ways of cutting through marketing-speak and vendor-babble to identify the security solutions that are best suited to your organization’s needs.
Added Value: Read Mark Moore’s Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution.
Mark Moore joins Tim Buntel once again to talk about how developers can encourage strong user passwords, drawing on Mark’s experience at Threat Stack as an example.
Pat Cable, Threat Stack’s Director of Platform Security, and Tim Buntel discuss secrets management in a DevSecOps environment, some recommended tools, and tips for keeping your secrets…secret.
But wait, there’s more!
For more, including webinars and videos, visit our Resources page. And let us know what else you’re interested in — Full Stack Security Observability, HIPAA Compliance, PCI, Container Security, DevSecOps Best Practices, or whatever. If there’s something you’d like to hear about, let us know on Twitter. And, if you want to stay up to speed on our top blogs and resources every month, make sure to subscribe to our monthly digest!