As a security company, there’s a lot of pressure to keep our data secure while still moving fast and innovating on product development. I find the intersection of security and speed the most interesting challenge as an infrastructure security professional. The unique thing about Threat Stack is that our Security and Engineering teams have learned how to work together to automate security into our day-to-day processes — making them simultaneously more secure, efficient, and effective.
I’m a firm believer that an effective SecOps organization involves people, processes, and tools, in that order. The tools we’ve built in-house are meant to make people’s lives easier, and ease some of the processes that make security a natural part of the workflow if you’re trying to get a job done quickly.
We’ve open-sourced a lot of the tooling we’ve developed to make our operations more secure, and hope you’ll find this information useful when you’re thinking about automating security in your own organization.
In this post, I’ll describe three of the tools we’ve developed (and then open-sourced) at Threat Stack in order to integrate automated security processes into our workflow. (I’ve also included a description of a fourth tool that we developed — an automated SOC 2 compliance checking bot. We use it internally, but to date, it’s not available outside Threat Stack.) Read more “Three Homegrown SecOps Tools Used by the Threat Stack Team”
No matter where you sit in your organization, you should know what happens when you sacrifice security for speed. Threat Stack recently surveyed DevOps and security pros and found that more than half (52%) of companies make this very sacrifice, cutting back on security measures to meet a business deadline or objective. Additionally, 62% of security professionals surveyed stated that their Operations teams push back when asked to deploy secure technology — often because Ops fears it will slow things down.
This might not seem like a large problem until you consider what actually happens when you sacrifice security for speed. By putting speed above security best practices, you open your organization up to breaches and attacks. But ironically, contrary to the belief of some operations professionals, applying security best practices doesn’t necessarily require you to slow down forever.
In this post, the fourth in our SecOps survey series, we’re sharing what happens when you sacrifice security for speed, as well as some best practices your organization should apply in all circumstances. Read more “What Happens When You Sacrifice Security for Speed (And Common Ways Security Gets Sacrificed)”
On December 14, Chris Gervais, Threat Stack’s VP of Engineering, was joined by Sabino Marquez, the CISO of Allocadia for our latest webinar: Lean Security: Your Guide to SecOps Efficiency in the Cloud. We’ve written before about lean security and the importance of aligning people, processes, and technology to create a successful security organization. In this webinar, we learned first-hand how Allocadia does it with Threat Stack.
You can view the entire webinar here, or read a recap of the key points that Chris and Sabino covered. Read more “Lean Security Webinar ReCap: Achieving SecOps Efficiency in the Cloud”