Even organizations that understand the importance of cybersecurity in theory often stumble when it comes to marrying security initiatives with their development and operations processes.
We recently surveyed a group of development, operations, and security professionals, compiling our findings in this report: Bridging the Gap Between SecOps Intent and Reality. We found a huge gap between intent and reality when it comes to implementing and practicing SecOps, a term that, properly understood, refers to the integration and alignment of security with DevOps practices.
Most organizations agree that everyone should be responsible for security, but many do not uphold this principle on a day-to-day basis. And that’s bad news for everyone.
Today, we’re examining why the vision for SecOps hasn’t become a reality at most organizations. We’re exploring specific obstacles and attitudes to spotlight what is standing in the way, even at organizations where a stronger security posture is an explicitly stated goal.
Read more “The 5 Biggest Obstacles to SecOps Success”
Smart organizations already know that running securely is key to success in today’s competitive landscape. So why isn’t security table stakes in 2018?
Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal, yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.
It’s clear that the challenge is how to make SecOps work in the real world. Whether you’re challenged by a security talent shortage, siloing between teams, out-of-date skills, or major rifts in perception, it is possible to better integrate SecOps using the right strategy.
To help you apply security best practices to your organization, let’s take a look at four concrete ways that teams can begin to close the SecOps chasm.
Read more “How to Make SecOps Work in the Real World”
Our recent survey found that over 50% of companies admit to cutting back on security measures to meet a business deadline or objective. As long as companies are willing to sacrifice security at the altar of speed, the long-held dream of marrying DevOps and security simply won’t become reality.
To speak to the issue, Threat Stack’s Head of Operations, Pete Cheslock, and PagerDuty’s Senior Application Security Engineer, Franklin Mosley, joined the SANS Institute for a recent webinar. You can listen to the full webinar here or read the major takeaways below.
Read more “52% of Companies Sacrifice Cybersecurity for Speed — Webinar Recap”
Good CEOs are committed to moving their companies forward, increasing revenue, and ensuring that their teams are productive. When business challenges arise, they approach them with the best intentions. After all, it’s the CEO’s job to have the company’s best interests in mind.
Recently, at Threat Stack, we surveyed DevOps and security pros to learn how cybersecurity is being implemented at their companies. In this post, we’re sharing what we learned about how a CEO’s attitude to and perspective on cybersecurity can affect the whole organization, as well as how to approach the challenges that may arise. This is the first in a series of four posts where we dive into the data we unearthed during this survey.
Read more “How CEOs Can Be a Cybersecurity Liability (And What to Do About It)”