Q&A With Pat Cable: How Threat Stack Secures Evolving Infrastructure

With the popularity of container environments on the rise, we’ve seen many Threat Stack customers undergoing infrastructure transitions of late. Whether they’re deploying containers for the first time or moving to container orchestration platforms, the shift is one that requires careful consideration when it comes to security. Often, however, organizations just don’t know where to begin in terms of integrating security with their evolving infrastructure.

Recently, I sat down with Pat Cable, Threat Stack’s Senior Infrastructure Security Engineer, to get his point of view on the challenges posed by evolving infrastructure and how Threat Stack can help ensure a secure transition. Read more “Q&A With Pat Cable: How Threat Stack Secures Evolving Infrastructure”

24 DevOps Pros Reveal the Most Important Characteristic of a Successful DevOps Engineer

There’s no precisely defined career track for DevOps engineers because they’re typically developers or sysadmins who develop an interest in other aspects of operations — such as network operations, deployment, or coding and scripting. Yet with more companies turning to DevOps to deliver products and updates more rapidly, there’s a growing demand for these multi-faceted professionals, and they’re playing an ever-more prominent role in modern companies.

Without a clear-cut career track to lead to a role as a DevOps engineer, companies hire and promote these professionals based on past experience and skillsets. But what characteristics are most important to ensure success as a DevOps engineer? To gain some insight into the skills, talents, and traits that today’s top DevOps engineers need in order to succeed, we reached out to a panel of DevOps pros and engineers and asked them to answer this question:

“What is the most important characteristic of a successful DevOps engineer?”

Read more “24 DevOps Pros Reveal the Most Important Characteristic of a Successful DevOps Engineer”

How to Transform Alert Fatigue Into Proactive Security Management — 4 Must-Read Blog Posts

The cybersecurity talent shortage is real, with an estimated 1.8 million unfilled roles expected by 2020. And with 72% of CISOs claiming that their teams are facing alert fatigue, there’s not a lot of margin for error when it comes to getting accurate, context-rich alerts in front of under-resourced teams.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of alerts or spend way too much critical time gathering information and digging around in log files. If this proliferation of data can be transformed into actionable intelligence, however, teams can become significantly more proactive and reduce risk over time.

Today, we’ll take a look at four must-read Threat Stack blog posts that provide great advice on how you can more away from reactive, ad hoc tactics and adopt a more structured, proactive approach by making alerts a key element of your overall information security strategy. Read more “How to Transform Alert Fatigue Into Proactive Security Management — 4 Must-Read Blog Posts”

GDPR: What Compliance Says vs. What DevOps Hears

The deadline for the General Data Protection Regulation (GDPR) is fast approaching, with May 25 marking the official day of reckoning. The updates to the data protection directive of 1995 (Directive 95/46/EC) are designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy rights, and to reshape the way organizations across the EU approach data privacy.

There’s a likelihood that Compliance has approached your DevOps team to get on board. But when Compliance talks, what do you hear? Are you truly understanding what’s required of you to become GDPR compliant? Let’s take a look at some of the possible gaps in knowledge below. Read more “GDPR: What Compliance Says vs. What DevOps Hears”

SLDC, SOC 2, and Other Four Letter Words

Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collateral damage. Secondary objectives can get ignored or even trampled in the race to meet the primary target. It’s also likely that other promising developments will get missed as they fall off the main path. Dealing with these issues is one of the many functions of compliance regulations.
Read more “SLDC, SOC 2, and Other Four Letter Words”

21 InfoSec and AWS Experts Reveal the #1 Mistake Companies Make When It Comes to AWS Security (and How to Avoid It)

More companies are moving to the cloud than ever before. Amazon Web Services (AWS) is one of the most popular cloud platforms, and for good reason: AWS provides a robust set of features and services that give it broad appeal among businesses of all sizes. But when it comes to security, many companies continue to fall short, putting their sensitive data at risk. In a recent Threat Stack study, for example, we discovered that 73% of companies have at least one critical AWS security misconfiguration that enables an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.

To gain some insight into the biggest (and potentially most devastating) mistakes companies are making related to AWS security as well as tips and strategies for avoiding them, we reached out to a panel of InfoSec pros and AWS experts and asked them to answer this question:

“What’s the number one mistake companies make when it comes to AWS security (and how can they avoid it)?”

Read more “21 InfoSec and AWS Experts Reveal the #1 Mistake Companies Make When It Comes to AWS Security (and How to Avoid It)”

20 Dev Leaders and Hiring Managers Reveal Their Favorite DevOps Interview Questions

We champion a security-first DevOps culture at Threat Stack, and I’ve had the opportunity of building DevOps best practices into the company since its earliest days. In our experience, this is the best way of simultaneously reducing risk and achieving peak operational efficiency.

Getting the right players on your DevOps team is crucial to this goal, of course. But how do you filter out the star players from the mediocre? Beyond a careful analysis of a candidate’s background and experience, asking the right interview questions can reveal valuable insights that make it possible to find the ideal candidate to complement your existing team’s skill sets and personalities.

To find out what questions today’s dev leaders turn to during interviews for these all-important insights, we reached out to a panel of hiring managers and dev team leaders and asked them to answer this question:

“What’s your favorite DevOps interview question (and why)?”

Read more “20 Dev Leaders and Hiring Managers Reveal Their Favorite DevOps Interview Questions”

DevOpsDays Austin Recap: Getting Back to Basics

What’s old was new again at DevOpsDays Austin last week, with the 7th annual conference featuring fewer attendees, the elimination of sponsor tables, and a format that put the focus back on knowledge-sharing and human interaction. Running May 3–4 at the Darrell K. Royal-Texas Memorial Stadium, the conference was an interesting exercise in returning to the roots of DevOpsDays, and the payoff was quality presentations and conversations. Read on for a few of the highlights. Read more “DevOpsDays Austin Recap: Getting Back to Basics”

Profile of an Ideal Security Hire in 2018

It seems that organizations are finally understanding the importance of bridging the gap between security and operations. In a survey we conducted recently, 85% of respondents said that employing SecOps best practices is an important goal for their organizations. Nevertheless, only 35% reported that SecOps is currently an established practice.

When it comes to the ideal of marrying security and operations, many are held back by a lack of expertise. The cybersecurity skills gap has created a severe talent drought in the industry, which is expected to leave 3.5 million cybersecurity jobs open by 2021.

It’s worth looking at what the qualities of an ideal security hire are in today’s business climate, and why it’s so difficult to find these types of professionals. In this post, we’ll outline the skill sets that cybersecurity professionals need to cultivate in the age of the cloud, explain why that ideal is so hard to find, and offer practical advice for moving your SecOps program forward, regardless of who you’re able to bring on your team full-time. Read more “Profile of an Ideal Security Hire in 2018”

What Happens When You Sacrifice Security for Speed (And Common Ways Security Gets Sacrificed)

No matter where you sit in your organization, you should know what happens when you sacrifice security for speed. Threat Stack recently surveyed DevOps and security pros and found that more than half (52%) of companies make this very sacrifice, cutting back on security measures to meet a business deadline or objective. Additionally, 62% of security professionals surveyed stated that their Operations teams push back when asked to deploy secure technology — often because Ops fears it will slow things down.

This might not seem like a large problem until you consider what actually happens when you sacrifice security for speed. By putting speed above security best practices, you open your organization up to breaches and attacks. But ironically, contrary to the belief of some operations professionals, applying security best practices doesn’t necessarily require you to slow down forever.

In this post, the fourth in our SecOps survey series, we’re sharing what happens when you sacrifice security for speed, as well as some best practices your organization should apply in all circumstances.
Read more “What Happens When You Sacrifice Security for Speed (And Common Ways Security Gets Sacrificed)”