Podcasts about threat stack

  • 18 podcasts
  • 28 episodes
  • 34m avg duration
  • Infrequent episodes
  • Latest: Oct 4, 2021

Latest podcast episodes about threat stack

The Cloud Pod
136: Take us to your Google Cloud Digital Leader

Oct 4, 2021 (36:58)


On The Cloud Pod this week, the whole team definitely isn't completely exhausted. Meanwhile, Amazon releases MSK Connect, Google offers the Google Cloud Digital Leader certification, and DORA's 2021 State of DevOps report has arrived.

A big thanks to this week's sponsors:
  • Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.
  • JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.

This week's highlights

AWS Morning Brief
F5's Refreshing Culture

Sep 30, 2021 (7:56)


Links:
  • “I Trust AWS IAM to Secure my Applications. I Don't Trust the IAM Docs to Tell Me How”: https://ben11kehoe.medium.com/i-trust-aws-iam-to-secure-my-applications-i-dont-trust-the-iam-docs-to-tell-me-how-f0ec4c119e79
  • “Introduction to Zero Trust on AWS ECS Fargate”: https://omerxx.com/identity-aware-proxy-ecs/
  • Threat Stack Acquired by F5: https://techcrunch.com/2021/09/20/f5-acquires-cloud-security-startup-threat-stack-for-68-million/
  • AWS removed from CVE-2021-38112: https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
  • Ransomware that encrypts the contents of S3 buckets: https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live. It gives you fake AWS API credentials, for example, and the only thing that these things do is alert you whenever someone attempts to use them. It's an awesome approach to detecting breaches. I've used something similar for years myself before I found them. Check them out. But wait, there's more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It's awesome. If you don't do something like this, instead you're likely to find out that you've gotten breached the very hard way. So, check it out. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You'll know which one of those you fall into. Take a look. I'm a big fan. More to come from Thinkst Canary weeks ahead.

Corey: This podcast seems to be going well. The Meanwhile in Security podcast has been fully rolled over and people are chiming in with kind things, which kind of makes me wonder, is this really a security podcast? Because normally people in that industry are mean.

Let's dive into it. What happened last week in security? Touching AWS, Ben Kehoe is on a security roll lately. His title of the article in full reads, “I Trust AWS IAM to Secure My Applications. I Don't Trust the IAM Docs to Tell Me How”, and I think he's put his finger on the pulse of something that's really bothered me for a long time. IAM feels arcane and confusing. The official doc just made that worse for me. My default is assuming that the problem is entirely with me, but that's not true at all. I suspect I'm very far from the only person out there who feels this way.

An “Introduction to Zero Trust on AWS ECS Fargate” is well-timed. Originally when Fargate launched, the concern was zero trust of AWS ECS Fargate, but we're fortunately past that now. The article is lengthy and isn't super clear as to the outcome that it's driving for and also forgets that SSO was for humans and not computers, but it's well documented and it offers plenty of code to implement such a thing yourself. It's time to move beyond static IAM roles for everything.

Threat Stack has been a staple of the Boston IT scene for years; they were apparently acquired by F5 for less money than they'd raised, which seems unfortunate. I'm eagerly awaiting to see how they find F5 for culture. I bet it's refreshing.

And jealous of Azure's attention in the past few episodes of this podcast, VMware wishes to participate by including a critical severity flaw that enables ransomware in vCenter or vSphere. I can't find anything that indicates whether or not VMware on AWS is affected, so those of you running that thing you should probably validate that everything's patched. Reach out to your account manager, which if you're running something like that, you should be in close contact with anyway.

Corey: Now from AWS themselves, what do they have to say? Not much last week on the security front, their blog was suspiciously silent. Scuttlebutt on Twitter has it that they're attempting to get themselves removed from an exploit, a CVE-2021-38112, which is a remote code execution vulnerability. If you have the Amazon WorkSpaces client installed, update it because a malicious URL could cause code to be executed in the client's machine. It's been patched, but I think AWS likes not having public pointers to past security lapses lurking around. I don't blame them, I mean, who wants that? The reason I bring it up is not to shame them for it, but to highlight that all systems have faults in them. AWS is not immune to security problems, nor is any provider. It's important, to my mind, to laud companies for rapid remediation and disclosure and to try not to shame them for having bugs in the first place. I don't always succeed at it, but I do try. But heaven help you if you try to blame an intern for a security failure.

And instead of talking about a tool, let's do a tip of the week. Ransomware is in the news a lot, but so far, all that I've seen with regard to ransomware that encrypts the contents of S3 buckets is theoretical proofs—or proves—of concept. That said, for the data you can't afford to lose, you've got a few options that stack together neatly. The approach distills down to some combination of enabling MFA delete, enabling versioning on the bucket, and setting up replication rules to environments that are controlled by different credential sets entirely. This will of course become both maintenance-intensive and extremely expensive for some workloads, but it's always a good idea to periodically review your use of S3 and back up the truly important things.

Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com. That's goteleport.com.

Corey: I have been your host, Corey Quinn, and if you remember nothing else, it's that when you don't get what you want, you get experience instead. Let my experience guide you with the things you need to know in the AWS security world, so you can get back to doing your actual job. Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.

Compliance Perspectives
Chris Ford on Compliance and Cloud Computing [Podcast]

Sep 21, 2021 (13:13)


Post By: Adam Turteltaub

While organizations have increasingly embraced cloud computing as a solution to their data management and other needs, they do so in an environment of heightened risks. Attacks on cloud providers are increasing, which makes it ever more important to ensure that the rewards outweigh the risks, including from a compliance perspective.

Chris Ford, Vice President Product, Threat Stack, advises organizations to look to cloud service providers that have taken the step of becoming certified against standards such as ISO 27001 or SOC 2. He also recommends not stopping there and looking to certifications that align with specific risk areas such as HIPAA, GDPR, CCPA or PCI.

That's still not enough, though, he cautions in this podcast. Meet with the security team to discuss the organization's practices and how it manages third party vendor risk. If their practices aren't secure or the team is unwilling to meet with you, that should be a very large red flag. So, too, is the approach to compliance: stay away from vendors who take a check-the-box approach.

Other pieces of advice he offers:
  • Ask if they scan code in the build pipeline
  • Determine if they do runtime monitoring of the infrastructure
  • Find out what tools they use to ensure your data is secure
  • Make sure they are constantly scanning for vulnerabilities

Finally, security is a “team sport,” he notes. It's important to maintain trust on an ongoing basis and look at this as a journey together. Be sure to learn from the failures of others, and, of course, make sure that you are just as vigilant of your internal IT security as you are of your vendor's.

The SaaS News Roundup
Flippa, FloBiz and Atlanta AI raise funds | Wipro has launched Wipro-Google Cloud Innovation Arena | F5 acquires Threat Stack | Indeni partners with TD SYNNEX | Check joins hands with Procare Solutions

Sep 21, 2021 (2:29)


Wipro has launched Wipro-Google Cloud Innovation Arena with a partnership with Google Cloud. This collaboration will aid in in-residence technical information, assist in seamlessly adapting to the cloud, and enhance innovation.

F5, a cloud edge security software, has acquired the cloud security monitoring software Threat Stack for $68M. F5's application and API protection solutions combined with Threat Stack's cloud security capabilities can enhance visibility across the application infrastructure.

Indeni, a security infrastructure automation company, has announced that it has partnered with TD SYNNEX. With the addition of Indeni to its portfolio, SYNNEX will be able to provide even more comprehensive solutions to its customers.

Flippa, a global online marketplace for buying and selling online businesses and digital assets, has raised $11M in Series A funding. The funds will be used to enhance the functionality of Flippa's platform products and scale the company's industry-leading business valuation tool.

Check joins hands with Procare Solutions to improve how childcare centers carry out their payroll operations. The partnership is aimed at enabling Procare to integrate payroll capabilities into its platform fully.

FloBiz, a neobank builder for small and medium-sized businesses (SMB), raised $35 million in a Series B funding round co-led by Sequoia Capital India and Think Investments to expand its team, develop its product and scale its distribution.

Atlanta AI raises $15M in a Series A funding round led by GV to develop its AI systems and launch machine learning, network analytics tools. Its platform connects with numerous supply chain data points and answers questions about products, shipments, companies and networks, filtering out illicit trade, targeting bad actors and security threats across global commerce networks.

Paul's Security Weekly TV
Aqua Security, Clearview AI, Threat Stack EKS Support, & Security Summit 2021 - ESW #236

Jul 30, 2021 (36:52)


This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236

Enterprise Security Weekly (Video)
Aqua Security, Clearview AI, Threat Stack EKS Support, & Security Summit 2021 - ESW #236

Jul 29, 2021 (36:52)


This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236

Screaming in the Cloud
re:Inventing re:Invent with Pete Cheslock

Apr 22, 2021 (33:50)


Pete Cheslock is a cloud economist at The Duckbill Group and an advisor and consultant who helps startups with product strategy, messaging, and other go-to-market needs. Prior to these positions, he worked at a slew of tech companies, holding positions such as VP of Products at ChaosSearch, VP of Technical Operations at Threat Stack, Inc., Director of DevTools at Dyn, and Director of Technical and Cloud Operations at Sonian. Pete holds a master's in business administration from Babson and a bachelor's in communications from Michigan State University. Join Corey and Pete as they talk about the virtual edition of re:Invent, what it was like to make fun of companies in a virtual expo hall, why vendors were aggressive in following up with leads from re:Invent, how virtual booth pricing at re:Invent didn’t really make any sense, what Corey and Pete like so much about the expo hall, how Pete enjoyed not having to spend a week in Vegas and come home sick this year, how people don’t follow AWS events like folks follow rock bands and why that’s a good thing, how re:Invent has evolved over time and how that evolution continues today, and more.

20 Minute Leaders
Ep104: Ariel Tseitlin | Partner at Scale Venture Partners

Sep 11, 2020 (24:22)


Ariel is a Partner at Scale focused on investments in the cloud and security industries. He currently sits on the board of directors at Agari, BigID, CyberGRX, Expel, Honeycomb, PerimeterX, and Threat Stack. Previously, he was Director of Cloud Solutions at Netflix where he was responsible for creating and operating one of the most modern cloud infrastructures in the industry, accounting for a full third of all US downstream internet traffic at peak. Ariel holds an MBA with honors from Wharton.

Paul's Security Weekly TV
Threat Stack, Qualys, StackRox, Sysdig - ESW #177

Mar 26, 2020 (22:33)


How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177

Enterprise Security Weekly (Video)
Threat Stack, Qualys, StackRox, Sysdig - ESW #177

Mar 25, 2020 (22:33)


How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177

Jason Redman's Moving the Needle
Jason and Ray interview Kevin Flike, who in 2011, on his second Special Forces deployment to Afghanistan, was shot in the abdomen and sustained life-threatening injuries.

Mar 12, 2020 (60:17)


Kevin's journey back from injury was not without hardship, setback, and personal struggles; but through hard work, steadfast faith, and the stalwart support of his wife Kimberlee, he recovered and went on to earn dual Master’s Degrees from the Harvard Kennedy School of Government (MPA), and the MIT Sloan School of Management (MBA). Today, Kevin’s mission is to inspire others and help with their own journeys to physical, mental, and emotional healing. Sharing his message broadly via multiple media channels (www.woundedbywar.com, https://www.facebook.com/WoundedByWar/, and Instagram @woundedbywar), he also travels and speaks widely to numerous organizations about his experiences and the lessons learned from his service, being wounded, and the recovery process. Raised in Saratoga, NY, Kevin attended Union College in Schenectady, NY before volunteering for the U.S. Army and qualifying for Special Forces (Green Beret) training. Assigned to the 1st Special Forces Group in Fort Lewis, Washington, he deployed to the Philippines, Thailand, and twice to Afghanistan, where he suffered his career-ending injury. When he transitioned from the Army, he had achieved the rank of Staff Sergeant and had earned multiple awards and honors, including the Bronze Star Medal (two awards), Purple Heart, Army Commendation Medal w/ Valor, and the Meritorious Service Medal. After graduate school, he has since worked for Goldman Sachs and is now the Director of Strategic Projects for Threat Stack, a Boston-based cyber-security firm. Kevin continues to serve the Special Forces community, as he now sits on the Board of Directors for the Green Beret Foundation. He has been married to his college sweetheart, Kimberlee, for eight years, and they live in Weymouth, MA with their two beautiful daughters, Lilah and Everly.

Screaming in the Cloud
Optimizing the re:Invent Experience with Pete Cheslock

Dec 18, 2019 (56:07)


Pete Cheslock is an advisor and consultant who helps startups with product strategy, messaging, and other go-to-market needs. Prior to going out on his own, he worked at a slew of tech companies, holding positions such as VP of Products at CHAOSSEARCH, VP of Technical Operations at Threat Stack, Inc., Director of DevTools at Dyn, and Director of Technical and Cloud Operations at Sonian. Pete holds a master's in business administration from Babson and a bachelor's in communications from Michigan State University. Join Corey and Pete as they discuss the differences between CHAOSSEARCH and Elasticsearch, proper etiquette for the conference badge-scanning experience, how tech can be a bubble and not everyone might know the tools you do, the increasingly prominent roles artificial intelligence and machine learning play in the AWS ecosystem, why the re:Invent experience is like a marathon, what it’s like listening to a talk on a pair of headphones, which re:Invent announcement made the least waves, why diversity amongst chip manufacturers is a good thing, and more.

Your System Called: a Threat Stack podcast
107. Mark Moore: Scaling with Products and Services

Nov 26, 2019 (21:18)


Mark Moore, Senior Software Security Engineer at Threat Stack, returns to discuss scaling with Tim Buntel, and how to identify the best solutions when being pitched to or roaming booths at a conference.

Your System Called: a Threat Stack podcast
106. Mark Moore: Encouraging Strong User Passwords

Jun 13, 2019 (12:37)


Mark Moore, senior software security engineer at Threat Stack, joins Tim Buntel to talk about how developers can encourage strong user passwords using Mark's experience at Threat Stack as an example.

Your System Called: a Threat Stack podcast
105. Pat Cable: Secrets Management for DevSecOps

May 2, 2019 (13:53)


The new host of Your System Called, Threat Stack VP of Application Security Tim Buntel, is joined by Pat Cable, director of platform security at Threat Stack, for a chat about secrets management in a DevSecOps environment, some recommended tools, and tips for keeping your secrets... secret.

Screaming in the Cloud
Episode 42: SCREAMING WITH CHAOSSEARCH: A reInvent reTrospective

Dec 26, 2018 (55:49)


Would you like access to unlimited retention of your data within your Amazon S3, which costs far less than online storage on disc? Well, the next time you’re at re:Invent, visit CHAOSSEARCH’s booth. Today, we’re talking to Pete Cheslock, vice president of products at CHAOSSEARCH and former vice president of operations at Threat Stack. CHAOSSEARCH helps people get access to their login event data using Amazon S3.

Some of the highlights of the show include:
  • re:Invent - Year of the Pin: People go nuts for conference swag and were collecting pins as if they were gold
  • Scan Your Badge and Drip Emails: Annoying and passive-aggressive marketing trends meant to be spontaneous and interesting
  • Need a job? Corey’s looking to hire a “Quinntern” to use a tag email address to gather conference swag at the next re:invent; if interested, contact him
  • Corey and Pete’s Swag Rules: Something you want or can use, continues to be valuable, no sizes, no socks
  • Densify Drama: Conference flyer to generate leads failed, created complaints
  • Track and analyze data, but don’t use it to invade privacy or become creepy
  • Las Vegas: Right place for conferences, such as re:Invent?
  • Rather than focusing on going to conference sessions, make meeting and talking to people doing interesting things your priority
  • Midnight Madness Event: Only place Corey could do stand-up Cloud comedy
  • re:Invent 2019: Plan appropriately, identify what you want to get out of it, register ASAP to get a nearby hotel, and schedule meetings with AWS staff

Links: Pete Cheslock on Twitter Pete Cheslock on LinkedIn CHAOSSEARCH Threat Stack AWS Amazon S3 Amazon Elasticsearch re:Invent Corey Quinn’s Newsletter Corey Quinn on Twitter Corey Quinn’s Email Sonian Acloud.guru Densify Oracle Apache Cassandra DigitalOcean AWS re:Invent 2018 - Keynote with Andy Jassy AWS re:Invent 2018 - Keynote with Werner Vogels AWS re:Inforce VMware Dreamforce Kubernetes Datadog

AWS re:Invent 2018
DEV206: Security Observability: Democratizing Security in the Cloud

Nov 30, 2018 (57:20)


In the world of security monitoring and alerting, there is an increasing number of opportunities and advanced technologies. People look for better ways to gain insights from large datasets and are tasked with the responsibility of communicating that data throughout the entire organization. In this talk, we explore how to democratize the security of your next-gen infrastructure by building measurement directly into systems, factoring in security-related KPIs and OKRs. Attendees learn how everyone, from SMBs to enterprises, securely scale their infrastructure while continuing to enable innovation at the speed of business. This session is brought to you by AWS partner, Threat Stack.

Colorado = Security Podcast
93 - 11/26 - John Everson, CISO of Afiniti

Nov 25, 2018 (59:46)


In this episode: John Everson, CISO for Afiniti, is our feature interview this week. News from: Denver Airport, Colorado.gov, System76, Ping Identity, Automox, Red Canary, Threat Stack, InteliSecure, LogRhythm, CableLabs and a lot more!

All the single ladies love Denver

We couldn’t land Amazon, but Denver does land the single ladies. DIA is the best large airport in the US (and getting better). Our state website is pretty great too. And our economy is growing like crazy. Some insight on System76 bringing their computer manufacturing to Colorado. Ping Identity hires some execs. Automox raises money. Red Canary partners with Threat Stack. InteliSecure releases their big 2018 report. LogRhythm holds themselves accountable for their predictions. And CableLabs releases Micronets.

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

Local security news:
  • Join the Colorado = Security Slack channel
  • Denver ranks among top housing markets for career-minded, single women
  • DIA is the best large airport
  • Colorado.gov, the Official State Website, Ranks 5th in the Country | Business Wire
  • Colorado economy accelerates in second quarter
  • Why an open-source PC maker decided to bring its manufacturing to Denver -- and how it did it
  • Ping Identity Announces Additions to Leadership Team
  • Boulder cybersecurity firm Automox to add 20 employees after $9.3M raise
  • Red Canary and Threat Stack Partner to Protect Cloud Infrastructure
  • InteliSecure Releases 2018 State of Critical Data Protection Report Revealing Significant Gaps in Cybersecurity Expertise, Execution
  • Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?
  • Micronets: Enterprise-Level Security Is No Longer Just For Enterprises

Job Openings:
  • Ping Identity - GRC Analyst - Business Continuity & Incident Response
  • Ping Identity - Security Program Business Analyst
  • Colorado Secretary of State - Chief Information Security Officer (CISO)
  • Fort Lewis College - Chief Information Security Officer
  • SomaLogic - VP, Information Security
  • Risk Based Security - Software Security Analyst
  • Bank of America - Cybersecurity Threat Hunt Specialist
  • CISO LLC - Maritime Operational Technology Security Specialist
  • Herjavec Group - Commercial Sales Representative
  • Regis University - Assistant (or Associate) Professor

Upcoming Events:

This Week and Next:
  • SecureSet - Denver War Games: Applied Cryptography 2 - 11/26
  • DenSec - November meetup - 11/28
  • SecureSet - Denver War Games: Network Security 1—ARP Poisoning - 11/28
  • ISC2 Pikes Peak - November meeting - 11/28
  • Lockpicking event at Kivu - 11/30
  • SecureSet - Women Only – Intro to Capture The Flag – Extended Mix - 11/30
  • COS ISSA - Chapter Annual Awards Banquet - 12/6
  • COLORADO SPRINGS CYBERSECURITY FIRST FRIDAY SOCIAL & MIXER - 12/7

Other Notable Upcoming Events:
  • ISSA / ISACA Holiday Bash - 12/10
  • SnowFROC - 3/14

View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Your System Called: a Threat Stack podcast
103. Ethan Hansen and John Shoenberger: Docker Cryptojacking and the Threat Stack SOC

Nov 21, 2018 (32:06)


Ethan Hansen is a security analyst in the Threat Stack SOC. John Shoenberger is a security solutions engineer. They join Mike in this episode to discuss container security and the cryptojacking trends observed in customer environments.

CFO Thought Leader
441: Identifying Your Pivotal Career Experiences | Kevin Durkin, CFO, Threat Stack

Nov 7, 2018 (46:45)


Your System Called: a Threat Stack podcast
101. Ben Patterson: SRE at a security company

Nov 5, 2018 (25:50)


Ben Patterson, Threat Stack director of engineering, talks with Mike Broberg about site reliability engineering while at the Boston SRE meetup at the Wayfair offices in October 2018. Ben provides his perspective on managing technical debt and its impact on reliable software, as well as the relationship between development and operations teams.

TechniQ
#31: Ben Patterson [Director of Engineering] @ Threat Stack - High Availability Leadership & Safety

Nov 1, 2018 (77:41)


In this episode we sit down with Ben Patterson - Director of Engineering @ Threat Stack - and discuss a multitude of topics including #Enabling & #Empowering engineers by providing the #safety to ask questions, #HighAvailabilityLeadership, #Inclusion, Changing roles and Growth, and Drinking as part of #Culture... Even explaining how #Culture is like a tomato plant. We touch it all in this one! Tune in. Turn it up. Learn. Grow.

  • 0:00:00 - Introduction
  • 0:08:00 - Definition of Culture
  • 0:10:06 - Changing roles and growth
  • 0:13:05 - How to build a great tomato plant (Culture)
  • 0:30:30 - How to enable teams to perform at a high level
  • 0:35:50 - Inclusion
  • 0:42:55 - Drinking as part of Culture
  • 0:56:24 - Reducing the context switching and churn that engineers encounter
  • 1:01:00 - Q&A

The CyberWire
Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.

The CyberWire

Play Episode Listen Later Sep 18, 2018 19:45


In today's podcast, we hear about a Citizen Lab report on the global use of Pegasus lawful intercept tools. OilRig seems to be spearphishing in Bahrain. University IP theft by Iran seems widespread, but it also doesn't look very lucrative. Peekaboo vulnerability affects security cameras. WannaMine is the latest campaign to exploit the stubborn EternalBlue vulnerability. Data firms work toward guidelines to prevent political data abuse. David Dufour from Webroot with a primer on quantum computing. Guest is Sam Bisbee from Threat Stack on public cloud breaches. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_18.html

Screaming in the Cloud
Episode 14: Cheslocked and loaded

Screaming in the Cloud

Play Episode Listen Later Jun 13, 2018 40:42


Do you need data captured that let you know when things don’t look quite right? Need to identify issues before they become major problems for your organization? Turn to Threat Stack, which has Cloud issues of its own, and helps its customers with their Cloud issues. Today, I’m talking to Pete Cheslock, who runs technical operations at Threat Stack, which handles security monitoring, alerting, and remediation. The company uses Amazon Web Services (AWS), but its customer base can run anywhere.

Some of the highlights of the show include:

  • Challenges Threat Stack experienced with AWS and how it dealt with them
  • Threat Stack helps companies improve their security posture in AWS
  • Security shouldn’t be an issue, if providers do their job; shared responsibility
  • Education is needed about what matters regarding security, avoiding mistakes
  • Cloud is still so new; not many people have a broad experience managing it
  • Scanning customer accounts against best practices to identify risks
  • Threat Stack’s scanning tool is worthwhile, but most tools lack judgement and perspective
  • Threat Stack offers context between host- and Cloud-based events; tying data together is the secret sauce
  • You shouldn’t have to pay a bunch of money to have a robust security system
  • Good operations is good security; update, patch, track, and perform other tasks
  • Lack of validation about what services are going to be successful or not
  • Vendor Lock-in: Understand your choices when building your system
  • Pervasiveness and challenge of containerization and Kubernetes
  • Cloud reduces cycle time and effort to bring a product to market
  • Amazon is a game changer with what it allows you to do and solve problems

Links:

  • Pete Cheslock
  • Digital Ocean
  • Threat Stack
  • AWS re:Invent
  • Kubernetes

Code Monkey Talks
Episode 8: Threat Stack with Pete Cheslock

Code Monkey Talks

Play Episode Listen Later Mar 23, 2017 60:17


Pete Cheslock (http://www.codemonkey.fm/guests/pete-cheslock) joins us to discuss working at Threat Stack, the latest WikiLeaks Vault 7, GitHub's permissive IP ownership for employees, and Google Cloud Spanner. Special Guest: Pete Cheslock.

DevOps Chat
Pete Cheslock and Chris Gervais of Threat Stack

DevOps Chat

Play Episode Listen Later Apr 14, 2016 15:30


I had a chance to sit down with Pete Cheslock and Chris Gervais of Threat Stack to talk about DevOps and Security. Pete and Chris are two sharp people and so it was a great discussion. Hope you enjoy another DevOps Chat from DevOps.com.

The Cyberlaw Podcast
Interview with Richard Bejtlich

The Cyberlaw Podcast

Play Episode Listen Later Mar 24, 2015 52:22


In our fifty-ninth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, Jennifer Quinn-Barabanov, and Maury Shenk discuss: China’s acknowledgement that it has a cyberwar strategy; the Judicial Conference Advisory Committee on Criminal Rules’ vote to amend Rule 41; automakers facing cybersecurity class action lawsuits; the UK’s plan to regulate bitcoin; Target’s $10 million settlement; and China’s effort to exclude US technology companies from its market. In our second half we have an interview with Richard Bejtlich, Chief Security Strategist at FireEye, adviser to Threat Stack, Sqrrl, and Critical Stack, and fellow at Brookings Institution. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.