The Biggest Issue Security Teams Have Today (And 3 Ways to Solve It)

It’s an issue that most security teams struggle with, but not many have a good solution. When there’s an ample supply, security is strong, but when insufficient, it puts a strain on the entire organization. We’re talking about people.

As companies grow, security becomes more and more important, but what if you don’t have enough people to fill the seats? It’s no secret we’re facing a talent shortage of epidemic proportions. According to PWC, there will be 1.5 million cyber security job openings by 2019, and the talent market is not expected to catch up any time soon. But this does not mean companies can simply put off security until the talent market catches up (because by all estimates, they’ll be waiting a long time). So how can companies solve for this? Consider the following three key approaches:

‘Tis the Season To Be Proactive, Vigilant, & Transparent

Cyber Monday is here (and for those of us in the cloud security business, it’s also the start of the AWS re:Invent 2017 conference). So given all the strange things that have been happening in our cyber environment, we thought we would once again remind organizations and consumers alike about the need to be proactive and extra vigilant in their security practices.

5 Cloud Security Tips for Emerging Tech Companies

True or false: Companies born in the cloud naturally understand security.

Young and tech-savvy companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from legacy or on-prem solutions. In fact, the unique requirements of tech companies — like continuous development cycles and cutting-edge, rapidly evolving processes — can sometimes add even more complexity to security. If you fall into this camp, you may find this blog useful. In it, we’ve rounded up some of our best advice so you can learn how to strengthen your cloud security posture and start building out a cloud security strategy starting now, without a big drain on your budget and resources.

5 Pieces of Advice for Navigating the Security Culture Shift

As security threats become a bigger part of the day-to-day concerns at all types of organizations, it has become vital to inculcate and promote a “culture of security.” Yes, security is everyone’s responsibility — but it requires a shift in culture for people to begin accepting that responsibility.

Triggering this shift can be harder than it sounds on the surface. Why? Well, for one thing, most people in the organization don’t have their success measured on security. When the marketing team gets a performance review, no one brings up security. When a direct reward or consequence isn’t on the line, it can be more difficult to get people to buy in to their responsibility to help keep the company secure.

That said, it’s not impossible by any means. It just requires focused and sustained effort to change the culture. As with any culture shift, it won’t necessarily be easy or linear, but it is achievable. Here are a few steps you can take to help your team become more security-minded.

Risk Acceptance & Business Payout

Key Takeaways From the Gartner Security & Risk Management Summit 2017

I just got back from the Gartner Security & Risk Management Summit with three key takeaways that I would like to share. Overall, industry leaders indicate that cybersecurity should be treated as a business function, not as a tax, and to achieve this, we need to base our security approach on:

  1. An attitude and culture of Risk Acceptance
  2. A Risk Management Methodology that enables us to detect and manage risk
  3. Effective alignment with the CEO and BoD by making risk-based decisions focused on business goals

Let’s get into the details.

How to Stay Secure at Conferences

Conferences can be an amazing way to connect with like-minded folks and educate yourself on what’s new and trending in your industry. At Threat Stack, we regularly attend and speak at conferences like BSides and DevOpsDays, and it’s been exciting to see a bigger focus on security topics in the DevOps world in recent years. Since we attend so many conferences ourselves, we wanted to offer some helpful advice on how you can keep your devices secure while you’re attending conferences.

Observations as Cyber Security Awareness Month Comes to a Close

As National Cyber Security Awareness month comes to a close, it seems appropriate to reflect on the state of cyber security today. The ugly truth is that the cyber threat environment has never been more volatile. Breaches are commonplace, headlines on data loss and sophisticated hacks bombard us daily and technology continues to progress and move forward, in spite of security concerns and compromise. A huge portion of the general population’s personal data is exposed and, while seemingly everyone is aware there’s a problem, few are willing to take the preventative measures necessary to stop it.
