Security isn’t just a technical problem. It’s also a people problem, and keeping the people side of the security equation strong requires that all people in your organization have an awareness of security. This is why security awareness programs are so important.
The goal of a security awareness program — as you may have guessed — is to increase organizational understanding and practical implementation of security best practices. A program like this should apply to all hires — new and old, across every department — and it should be reinforced on a regular basis.
Here’s what you need to know to create a first-class security awareness program at your organization. Read more “How to Implement a Security Awareness Program at Your Organization”
We often think of security as a technology problem. But at its core, security is and always has been a people problem. You can have the fanciest security tools up and running, but if your organization is full of happy clickers, you still have a problem on your hands.
For this reason, the more that security is a part of your company culture, the better off you will be when it comes to standing up to today’s threats. Read more “How to Prepare Your Company Culture for Its First Security Hire”
Today Threat Stack is excited to announce a powerful and easy-to-use new feature of the AWS Configuration Auditing capabilities — the Guided Rules Editor for AWS Configuration Auditing. With the Guided Rules Editor, available in the Threat Stack Audit Plan, users can quickly tailor AWS Configuration Auditing rulesets to their organization’s specific security policies and adapt to changes in their environment.
Read more “Write Your Own AWS Configuration Auditing Rules With Threat Stack’s Guided Rules Editor”
You’re probably familiar with DevOps by now. It’s the collaboration between Development and Operations teams by leveraging the same tools and processes to get things done more efficiently. Now, Security is being brought into the fold, and this is called DevOpsSec.
Since DevOpsSec is a much newer term and development practice, we wanted to take the opportunity to discuss how companies can get started with many of its foundational elements. There are no two people better equipped to talk about it than Threat Stack’s own Head of Operations, Pete Cheslock, and CTO, Sam Bisbee.
Rather than walking you through a polished slide deck, Pete and Sam wanted to open up the discussion in an AMA (Ask Me Anything) format. We fielded questions from Twitter, LinkedIn, Facebook, as well as email and received hundreds of submissions. On Tuesday, March 14, in the middle of a blizzard here in Boston, they sat down for an hour to answer many of these questions live. Read more “Ask Us Anything: Recap on How to Get Started With DevOpsSec”
I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home. Read more “DevOpsing at Home”
Yesterday, we hosted one of our most popular webinars to date: Steps for Establishing Your AWS Security Roadmap. Threat Stack’s VP of Engineering, Chris Gervais, was joined by AWS Solution Architect, Scott Ward, along with Zuora’s Head of Infrastructure Security, Bibek Galera for a practical discussion on how companies can build an effective cloud security roadmap from day one. Read more “Steps for Establishing Your AWS Security Roadmap”
At Threat Stack we have developed best practices around cloud security — when it should be introduced, what it should cover at each stage of the security maturity lifecycle, whether a company should build or buy — and so on.
But we always want to hear what other experts have to say. So we recently asked two leaders in Boston’s VC community — Greg Dracon of Boston’s .406 Ventures and Gaurav Tuli, of F-Prime Capital Partners — to share some of the security-related insights they’ve gained from their extensive experience guiding start-up and early-stage companies to success over the years.
Without further commentary, here’s what Greg and Gaurav had to say . . . Read more “Boston-Based Venture Capitalists Weigh in on the Importance of Cybersecurity”
Picture the scene: You’re at the monthly board of directors meeting when someone asks, “So, what are you guys doing about security?”
Even two years ago, a CSA survey found that security was a board-level concern at 61% of companies. Why?
High-profile breaches have certainly made everyone conscious of cyber security issues, and as awareness and knowledge have grown, boards have begun to take a direct interest in the security of the companies they have invested in. Given that there are very real monetary and reputational consequences to a security breach, board members want to know what steps you are taking to prevent one. Read more “How to Answer Your Board’s Tough Security Questions”
If you’ve ever hired security pros, then you know the current talent shortage is no joke. A recent Computerworld survey found that compensation for security specialists is growing faster than for any other role in IT (up 6.4% year-over-year in average total compensation), and the competition for talent is fierce. Finding the right talent can be a lengthy process, leaving your security hopes and dreams in limbo.
So, what’s an organization to do? Many companies are working hard to streamline security operations and answer the talent shortage with changing tactics to match the changing role of security. Organizations need to maximize the value of their security hires now more than ever. Below, we’ll cover five tips that can help you get the most out of your security team’s time and talents. Read more “5 Tips to Streamline Your Security Team”
One way organizations can improve their security and operational ability is to collect logs in a central location. Centralized logging allows engineers across the entire organization to have a “common view” of the system under load, and can provide vital shared context when things go wrong.
Over the last few months, we at Threat Stack have been reworking how we handle all aspects of our logging system. This project encompasses everything, from the content of our log data to the infrastructure that collects it. In this post you’ll learn about how our internal applications send log data, where they send it to, and the trade offs we considered in making our collection system reliable. Read more “Reliable UNIX Log Collection in the Cloud”