What Would My SOC 2 Dashboard Look Like?

As your organization pursues your SOC 2 certification, organization is critical.  You will be busy actively managing dozens of ongoing daily tasks, which can bury you in minutiae.  But at the same time, you need to keep your high-level compliance goals in focus in order to successfully move your certification over the finish line.  In this post, we will look at all the components your SOC 2 “dashboard” should contain

DevSecOps: The Core Curriculum Opening Remarks

DevSecOps: The Core Curriculum -- opening remarks

My brother like 15 years ago asked me what song I would come up to if I were a pro wrestler. There are two. That was one of them. The second one is going to introduce our very first speaker. So Hey, everybody, what's up? I'm Liz. I am the co-founder and CEO of strongDM. I'm going to start off by telling

Implement a BYOD Policy | Best Practices for SOC 2 Compliance

Writing Your BYOD Policy

This article will point you to the core concepts of BYOD, removable device, and cloud storage policies so that you understand best practices before writing your own. Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data. But with this convenience comes some serious security concerns. Unprotected removable storage is an easy entry point for end users to

Why ASICS Digital Builds 12-Factor Apps with a Focus on Infrastructure

How ASICS Digital Created a Culture of You Build it, You Run it

John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure. Listen as they walk through how and why they made a dev culture of 'You Build It, You Run It' and download the slides now.

How Betterment Secures Server Access – Automate the Boring Stuff

Chris Becker, SRE, Betterment

Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team

Why Fair Eliminated Static Credentials — A Retrospective

Fair Eliminates Static Credentials with strongDM

Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least privileged access, and rotate credentials without causing a huge headache in the organization.

Senior Engineering Director at Zymergen on Code Reviews

About Token Security
At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.

About This Episode
This week Jeff Burkhart, Senior Engineering Director at Zymergen, talks code reviews, code review fatigue, and what to do when agile becomes tedious.

About The Hosts
Max Saltonstall
Max

Director of IT & Operations at Chef on What it Means to be Secure

About Token Security
At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.

About This Episode
This week we are joined by Ben Rockwood, Director of IT & Operations at Chef, who shares what it means to be secure, and how compliance and

Daniel Leslie Director of Security Intelligence & IT Operations at Namely on the Human Side of Security

About Token Security
At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.

About This Episode
This week we are joined by Daniel Leslie at Namely, who shares his take on the human side of security, and what security at scale looks like

Token Security Podcast | Alan Daines Chief Information Security Officer at FactSet on Phishing

About Token Security
At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.

About This Episode
In this episode Max Saltonstall and Justin McCarthy are joined by Alan Daines, Chief Information Security Officer at FactSet, to talk about phishing, educating on it, and
