Introduce yourself and tell us what you and your company does. My name's Jonathan Haas, I'm the CEO and co-founder of ThreatKey. ThreatKey is a security posture management platform. Essentially, what that means is we help businesses secure themselves and identify which things they should be prioritizing amongst their various business tools. Things like AWS, GCP, or SaaS product like Google workspace, Microsoft 365 65, etc.
My name is Whitney Champion and I'm the lead architect and one of the co-founders of Recon InfoSec. Basically I'm responsible for building and maintaining our security stack, our applications, and also our training platform: The Network Defense Range, or NDR. We're a managed security services provider, and we're based out of Austin, Texas. There are roughly 15 of us and we provide managed detection and response services and training.
It’s common to hear people talk about taking “an engineering approach” to cybersecurity. But what does this actually mean? How does it differ from the legacy model of cybersecurity? And what are the benefits to the enterprise?
We have most certainly been adding fuel to the fire, this is easily the biggest update we have had all year! We continue to add team members and our engineering capability is growing. The list of improvements and new capabitliite is too much to try and summarize, you will have to read the release notes below.
We all know how hard it is for companies to fill open cybersecurity positions. But is the situation improving? What are the root causes of the problem? And most importantly—what can be done about it?
CI/CD pipeline attacks are a growing threat to enterprise security. In this article, we’ll provide an overview of CI/CD for non-developers, discuss the cybersecurity issues involved, and offer some recommendations for developers, companies, and security teams.
The team at LimaCharlie continues on its mission to develop the concept of Security Infrastructure as a Service. We added three new team members during the month of June with more coming! We also hosted a webinar on securing your CI/CD pipeline built around some new capabilities we added which allow for the ingestion and monitoring of GitHub audit logs. You can watch a recording of that webinar here: SecDevOps & LimaCharlie - Automating and auditing of GitHub access
The market for cybersecurity solutions is changing, but the way vendors sell security products seems stuck in the past. There’s a lot that can be said about this, but here we want to raise an issue that isn’t talked about enough: Is cybersecurity sales culture, itself, bad for cybersecurity?
Please introduce yourself and tell us what you do, and what your company does. I’m Kimber Dowsett and I’m a Director at Krebs Stamos Group(KSG). We conduct cybersecurity consultancy engagements for high-profile organizations that may or may not have experienced a high-profile breach or acquisition, or simply want a world-class assessment of their org’s overall security posture.
Endpoints as well as applications such as AWS, Google Cloud, Office 365, 1Password, Slack, and thousands of others produce vast amounts of data. The volume of security data is growing, and this growth will continue for the foreseeable future. This, in turn, leads to several challenges: To solve these problems, many companies have adopted Splunk as their SIEM (security information and event management) platform.
