Five years is a blink of the eye in time, but in technology, a lot can happen. This year, we’re celebrating the fifth year of the Threat Stack blog. We’ve been digging around our archives and analyzing the metrics to see what’s changed in the market since our inception, how our own product has evolved, and what topics are still tried and true.
Some things changed, and some stayed the same. Most interesting, we saw five of our personal favorite topics rise to the top in terms of article popularity. Some written several years ago, some written this year, they’re indicative of how the market is shifting and what companies are focused on today.
Without further ado, here are the five most-read articles of all time on our blog, and if you haven’t read them, data says you should. Read more “5 Years in Review: 5 Can’t-Miss Posts From Our Archive of 450+”
Test-driven security is the implementation of tests into the development process, and Chef InSpec is one tool that will help you get started with this process. These security tests are intended to define the security features required for a system to be production ready.
In this post, we will walk through the process of using test-driven security, with proscriptive security tests, using Chef InSpec. Read more “Test-Driven Security With Chef InSpec”
Investing in SecOps doesn’t just mean hiring folks who know how to blend together software development, IT operations, and security skillsets. It also doesn’t just mean telling your DevOps team to run secure or scolding your security team into moving fast enough to keep up with continuous deployment.
Truly committing to SecOps means investing in tools that can do double (or triple) duty — helping you not only release code continuously but ensure that everything from your back-end infrastructure to your customer-facing applications is 100% secure. It means investing in tools that make meeting both DevOps and security best practices simple and straightforward.
As DevOps expands to include more security functions and security evolves to be more agile, it’s never been more important (or economical) to be able to use operational tools for security and security tools for operations. DevOps teams want software that can integrate critical functions of security, like alerting, directly into their current processes. Security teams want tools that let them seamlessly interact with DevOps.
Here’s what that should look like. Read more “How to Use Ops Tools for Security and Security Tools for Ops”
Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.
Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination! Read more “Boston Cloud Security & Incident Management Workshop Recap”
Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for a cloud security service is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture.
So here’s the question: Faced with this changing landscape, how can Security transform the way it does business in order to contribute its full value — without negatively impacting development schedules and operational procedures? Security needs to adjust to the rapid and agile world of the cloud, but the transition doesn’t have to be difficult. The Ops community faced a similar transition when it integrated with Dev, and there’s much that Security can learn from their experience.
Read more “5 Things Security Can Learn From Operations’ Transition Into DevOps”
Ask three people what SecOps is and chances are you’ll get three different descriptions:
- It’s a team
- It’s a job title
- It’s a methodology
All of these definitions are, in fact, correct. Smaller companies may implement a SecOps methodology where everyone is a security ambassador, whereas larger companies with more personnel can assemble an entire team and designate specific SecOps job titles. Whichever is the case for you, there are five ingredients that must be part of any successful SecOps implementation. Read more “The 5 Ingredients of a Successful SecOps Implementation”
At Threat Stack, we’ve been a SecOps-oriented team from day one. This means our developers, operations, and security practitioners all work together to make sure that every line of code we release is secure. It’s how we eat our own dogfood.
But we know that getting started with SecOps isn’t always easy, especially since little has been said so far about the practicalities of how security and operations can come together to enable SecOps.
Pete Cheslock, our Senior Director of Operations and Support, has been on the frontlines of SecOps for much of his career, so we decided to spend some time quizzing him about the practical aspects of getting a SecOps program started. Read more “Will SecOps Finally Close the Security and Operations Gap? A Q&A with Pete Cheslock”
The Threat Stack SecOps Playbook is now available!
Why We Created a SecOps Playbook
I have experienced the transition to SecOps up close and personal. I’ve led teams in figuring out how to get security practitioners and DevOps teams in sync and in harmony. Along the way, I’ve learned a number of valuable lessons that can be extended to any team that is thinking about bringing security deeper into the DevOps process.
It won’t be long before network perimeters are a thing of the past. As companies continue to adopt the cloud, either going all-in or operating in hybrid mode, the familiar perimeter starts to disappear.
Read more “How to Monitor Network Activity When Your Infrastructure Lacks an Edge”
While the term “DevSecOps” has started to come up more often recently, we’re still wrapping our heads around “DevOps” to answer questions such as “How do I implement DevOps?”, “Where do I find DevOps engineers?”, and “What does DevOps even mean because I just asked 6 people and got 8 different answers?”
Read more “Why Did We Need to Invent DevSecOps?”