Hi [[ session.user.profile.firstName ]]

Threat Stack

  • Date
  • Rating
  • Views
  • Architecting Cloud Infrastructure Security for Enterprise
    Architecting Cloud Infrastructure Security for Enterprise
    Andras Cser - Forrester VP, Principal Analyst Serving Secirty & Risk and Chris Ford - Threat Stack VP, Product Recorded: Mar 18 2019 60 mins
    In this webinar, guest speaker Andras Cser, Forrester Analyst and Chris Ford, Threat Stack VP of Product, will discuss how enterprises can effectively combine the native security offerings of Public Cloud Platforms with third party tools under the shared responsibility model. Attendees will learn about various native security capabilities such as AWS Guard Duty, IAM, and Macie and how to evaluate third-party cloud security tools such as CASB, WAF, and CWS.

    Many public cloud providers and have robust security capabilities built-in to their IaaS offerings. However, they are often clear in their stance that security in the cloud is a shared responsibility between cloud providers and users. That leaves many organizations struggling to understand the differences between the multitude of third-party cloud security categories and how to determine which tools fit within their cloud environment.

    This webinar will help these organizations understand exactly what they are getting from their security provider and how to take ownership of their side of the shared responsibility model with third-party cloud security tools.
  • AWS Security: Visualizing Security Data in 2019
    AWS Security: Visualizing Security Data in 2019
    Chris Murdock, Security Architect at Conga Recorded: Jan 17 2019 36 mins
    In a world of evolving, complex cloud infrastructure – there is no shortage of advanced security technologies that monitor for potential threats. People look for better ways to gain security insights from large datasets and are tasked with the responsibility of communicating associated business risk throughout the entire organization.

    In this webinar, Security Architect Chris Murdock from Conga will explore how to democratize the security of your next-gen infrastructure by building measurement directly into systems, factoring in security-related KPIs and OKRs. Tune in to learn how to securely scale your infrastructure while continuing to enable innovation at the speed of business.
  • Inside a Docker Cryptojacking Exploit
    Inside a Docker Cryptojacking Exploit
    Ethan Hansen, Threat Stack Security Analyst Recorded: Nov 15 2018 30 mins
    Docker containers are often used to create developer sandbox environments. Because Docker containers can be lightweight, ephemeral infrastructure, they’re a natural fit for building sandboxes. While Docker is great at managing the lifecycle of these workloads, it’s not a security tool.

    In this webinar, Ethan Hansen, Security Analyst for Threat Stack’s Cloud Security Operations Program, will discuss recently observed Docker exploit attempts from the field, where attackers were looking for web applications vulnerable to command injection. He’ll also provide examples of what to watch for in your logs, cryptojacking and container breakout attempts among them.
  • How to Spend Your Security Budget in a DevOps World
    How to Spend Your Security Budget in a DevOps World
    Mark Moore, Threat Stack Sr. Security Engineer, Kevin Durkin, CFO, and Natalie Walsh, Product Specialist Recorded: Nov 8 2018 23 mins
    Threat Stack’s latest report reveals that security budgets will increase by nearly 20% in the next two years - yet 96% of organizations believe they need more to be effective in keeping pace with devops.

    In this session, Threat Stack Security Engineer, Mark Moore, and CFO, Kevin Durkin, will discuss the current state of security processes and investments as organizations shift to the cloud. Learn how to build a scalable security program that fits your organization’s budget. Join us on November 8th at 1pm ET to learn more about:

    - Aligning your security budget with your most targeted threats
    - Minimizing risk introduced by development teams
    - Vendor evaluation processes for maximum ROI
  • Container Security: Taking a Layered Approach to Infrastructure Security
    Container Security: Taking a Layered Approach to Infrastructure Security
    Fernando Montenegro, 451 Research Senior Analyst and Security Technologist and Threat Stack's Nathan Cooprider Recorded: Oct 25 2018 48 mins
    Container technologies such as Docker and Kubernetes create massive efficiencies for operations teams, and are, importantly, fun for developers to use. The downside: more IP-addressable containers create greater attack surface for compromising host OS.

    As your containers live, die, and move around – it is important to take a holistic approach to securing each layer of cloud infrastructure. Tune in on October 25th at 1pm ET to hear from 451 Analyst and Threat Stack Security Engineer on:

    - Infrastructure trends and container primitives
    - Pinning down runtime container security
    - Mastering the container control plane and navigating Kubes
  • Inside an Enterprise Breach in a Public Cloud Environment
    Inside an Enterprise Breach in a Public Cloud Environment
    Sam Bisbee, CSO, at Threat Stack Recorded: Oct 22 2018 46 mins
    With the visibility provided by the Threat Stack Cloud Security Platform®, the Threat Stack Security team has the unique ability to observe user, system and file trends across cloud infrastructure, to see how bad actors are attempting to exploit it. Over the past year, the team has observed strong evidence of increasing sophistication of public cloud attacks. Although simpler methods, like exploiting S3 buckets or utilizing mass botnet activity, are still popular as ever, attackers are increasingly using multi-step attacks to traverse infrastructure in search of sensitive customer information and company crown jewels.

    In this session, Threat Stack CSO Sam Bisbee will walk through the steps of a recent customer breach while discussing trends in the rising sophistication of public cloud actors and how to monitor your own infrastructure for these threats.
  • Build a DevSecOps Unicorn for the Cloud
    Build a DevSecOps Unicorn for the Cloud
    Martin Rues, CISO at Outreach Recorded: Oct 4 2018 29 mins
    The modern security professional is somewhat of a Unicorn – needing expertise in devops, security, and cloud infrastructure. Outreach’s CISO, Martin Rues, knew finding a candidate with the right combination of skill sets would be a time-consuming exercise with low yield.

    Despite not making a single security hire in 2017, Martin was able to tune down security alerts, achieve ISO27001 and SOC 2 Type 2 compliance, and develop a container security strategy all in the same year. Learn about Martin’s unique approach to coping with the security talent shortage by leveraging a Cloud SecOps program in this webinar on Thursday October 4th at 11am EST.
  • How to Build and Mature a SecOps Program in the Cloud
    How to Build and Mature a SecOps Program in the Cloud
    Pete Cheslock, Threat Stack's Head of Ops and Pat Cable, Threat Stack's Sr. Infrastructure Security Engineer Recorded: Jul 19 2018 40 mins
    Scaling your business is hard, but scaling your business securely is even harder. While modern cloud infrastructure has fostered speed and innovation through DevOps, security still lags behind. When it comes to securing modern infrastructure, achieving your cloud security objectives should not mean sacrificing good operations principles for good security principles, or vice versa.

    In this webinar, Threat Stack’s Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable, will discuss what it takes to bring good security and good operations into alignment. They will offer practical advice to help you build and mature a cloud secops program for your Organization

    - Understand how cloud security differs from traditional, on premise security frameworks
    - Learn the five core SecOps principles that will help fortify your cloud infrastructure
    - Develop a comprehensive understanding of cloud secops best practices, including both technology and team management
  • How to Achieve Type 2 SOC 2 with Zero Exceptions
    How to Achieve Type 2 SOC 2 with Zero Exceptions
    Pete Cheslock, Threat Stack's Head of Ops and Pat Cable, Threat Stack's Sr. Infrastructure Security Engineer Recorded: Jun 28 2018 46 mins
    Achieving Type 2 SOC 2 compliance with zero exceptions was no easy feat for us. However, rather than implementing stringent security protocols at every point of production, we made SOC 2 work for us – the Threat Stack way.

    Join Threat Stack’s Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable to hear about their joint SOC 2 journey and the innovations created along the way (including a Change Management tool called ‘SockemBot’).

    Key points:
    - The infamous SockemBot, ticketing workflows, and other SOC 2 innovations
    - Developer-approved (!) operational changes for code and ticket mapping
    - The benefits we get to reap now, beyond SOC 2 fame
  • Pick Any Three: Good, Fast, or Safe. DevOps from Scratch
    Pick Any Three: Good, Fast, or Safe. DevOps from Scratch
    Pete Cheslock, Threat Stack’s Head of Ops Recorded: Jun 26 2018 41 mins
    If you ask ten people to define DevOps, you’ll likely get a dozen different answers. Somehow it’s 2018 and we still can’t agree on what DevOps is, only what it looks like. The truth is that successful DevOps implementations require hard work over long periods of time.


    DevOps at Threat Stack is a survival mechanism – it’s how we turn ideas into reality quickly and safely. Learn how we design our telemetry system to support useful, actionable metrics and the steps we take to level up our engineers, giving them the necessary accountability to truly own the applications they build.


    Tune in to learn concrete ideas you can take home to improve how work gets done within your organization including:

    - Engineering for rapid change
    - Measuring and optimizing system health
    - Making engineers accountable

Embed in website or blog