Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference. Read more “Highlights From RSA Conference 2018”
As you likely know, RSA Conference is one of the largest and most comprehensive security events held each year. Choosing which sessions to attend and how to prioritize your time can be a big job.
At Threat Stack, we have SecOps on our minds big-time, so in this post we put together a list of related sessions that we think are absolutely can’t-miss.
Before you start reading, however, make a note to join us at Booth #S2504 to meet with one of our experts for tips on how to Secure the Strange Things Happening in Your Cloud! Read more “8 SecOps-Related Sessions You Don’t Want to Miss at RSA Conference 2018”
Even organizations that understand the importance of cybersecurity in theory often stumble when it comes to marrying security initiatives with their development and operations processes.
We recently surveyed a group of development, operations, and security professionals, compiling our findings in this report: Bridging the Gap Between SecOps Intent and Reality. We found a huge gap between intent and reality when it comes to implementing and practicing SecOps, a term that, properly understood, refers to the integration and alignment of security with DevOps practices.
Most organizations agree that everyone should be responsible for security, but this principle is not being upheld on a day-to-day basis in many organizations. And that’s bad news for everyone.
Today, we’re examining why the vision for SecOps hasn’t become a reality at most organizations. We’re exploring specific obstacles and attitudes to spotlight what is standing in the way, even at organizations where a stronger security posture is an explicitly stated goal. Read more “The 5 Biggest Obstacles to SecOps Success”
SecOps is a multi-faceted function tasked with a variety of responsibilities, not the least of which is coming up with secure software and applications while maintaining the development and release cadence users demand. It’s no longer enough to just concern yourself with writing code and developing software. Today, adding security into the mix is considered a best practice — and it’s certainly one we live by at Threat Stack.
Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today’s SecOps pros should have in their arsenal.
In this post, we’ve rounded up 50 of the most useful tools for SecOps teams in the following categories: Read more “Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal”
SOC 2 compliance is one of the most common customer use cases we come across here at Threat Stack. Developed by the American Institute of CPAs (AICPA), the framework is designed for service providers storing customer data in the cloud, and SaaS companies, among others, often turn to us as they begin to feel overwhelmed by the requirements.
Having undergone a Type 2 SOC 2 examination ourselves, Threat Stack’s Senior Director of Operations Pete Cheslock, and Senior Infrastructure Security Engineer Pat Cable, gathered for a webinar recently to discuss exactly what we did to achieve SOC 2 compliance with zero exceptions. Read the recap below, or listen to the full webinar here. Read more “How to Achieve Type 2 SOC 2 With Zero Exceptions — Webinar Recap”
Good CEOs are committed to moving their companies forward, increasing revenue, and ensuring that their teams are productive. When business challenges arise, they approach them with the best intentions. After all, it’s the CEO’s job to have the company’s best interests in mind.
Recently, at Threat Stack, we surveyed DevOps and security pros to learn how cybersecurity is being implemented at their companies. In this post, we’re sharing what we learned about how a CEO’s attitude to and perspective on cybersecurity can affect the whole organization, as well as how to approach the challenges that may arise. This is the first in a series of four posts where we dive into the data we unearthed during this survey. Read more “How CEOs Can Be a Cybersecurity Liability (And What to Do About It)”
Considering how fast every facet of business is changing today, the job for Security teams has become much more complex — and critical. Not only are there more data and endpoints to protect, but there are also new threats and adversaries to detect.
Since speed and continuous release cycles can be a major competitive advantage for businesses, Security professionals need to identify ways of keeping up. In this post, we’ll cover seven important ways business processes are changing and how security can adapt to support the speed of business. Read more “7 Ways Business Processes Have Changed the Need for Security”
How to compress Mean Time To Resolution (MTTR) and drive operational efficiency
Slashing MTTR is one way of shifting into a high-velocity security mode so your team can operate faster to drive innovation, scale, and create a strong competitive advantage.
If you’ve ever hired security pros, then you know the current talent shortage is no joke. A recent Computerworld survey found that compensation for security specialists is growing faster than for any other role in IT (up 6.4% year-over-year in average total compensation), and the competition for talent is fierce. Finding the right talent can be a lengthy process, leaving your security hopes and dreams in limbo.
So, what’s an organization to do? Many companies are working hard to streamline security operations and answer the talent shortage with changing tactics to match the changing role of security. Organizations need to maximize the value of their security hires now more than ever. Below, we’ll cover five tips that can help you get the most out of your security team’s time and talents. Read more “5 Tips to Streamline Your Security Team”
Investing in SecOps doesn’t just mean hiring folks who know how to blend together software development, IT operations, and security skillsets. It also doesn’t just mean telling your DevOps team to run secure or scolding your security team into moving fast enough to keep up with continuous deployment.
Truly committing to SecOps means investing in tools that can do double (or triple) duty — helping you not only release code continuously but ensure that everything from your back-end infrastructure to your customer-facing applications is 100% secure. It means investing in tools that make meeting both DevOps and security best practices simple and straightforward.
As DevOps expands to include more security functions and security evolves to be more agile, it’s never been more important (or economical) to be able to use operational tools for security and security tools for operations. DevOps teams want software that can integrate critical functions of security, like alerting, directly into their current processes. Security teams want tools that let them seamlessly interact with DevOps.
Here’s what that should look like. Read more “How to Use Ops Tools for Security and Security Tools for Ops”