SSH Audits Made Simple

February 3, 2020

If you work with systems that run any variety of Linux or BSD, then the probability is high that you have dealt with SSH. Invented in 1995 and established as an internet standard by the IETF in 2006, Secure Shell has become the default mechanism for remote access to servers by individuals and teams everywhere. SSH Authentication: Authenticating yourself to


What Would My SOC 2 Dashboard Look Like?

October 25, 2019

As your organization pursues your SOC 2 certification, organization is critical. You will be busy actively managing dozens of ongoing daily tasks, which can bury you in minutiae. But at the same time, you need to keep your high-level compliance goals in focus in order to successfully move your certification over the finish line. In this post, we will look


DevSecOps: The Core Curriculum Opening Remarks

August 25, 2019

DevSecOps: The Core Curriculum -- opening remarks: My brother like 15 years ago asked me what song I would come up to if I were a pro wrestler. There are two. That was one of them. The second one is going to introduce our very first speaker. So hey, everybody, what's up? I'm Liz. I am the co-founder and


Implement a BYOD Policy | Best Practices for SOC 2 Compliance

August 8, 2019

Writing Your BYOD Policy: This article will point you to the core concepts of BYOD, removable device, and cloud storage policies so that you understand best practices before writing your own. Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data. But with this convenience comes some serious security concerns. Unprotected removable


How Betterment Secures Server Access – Automate the Boring Stuff

July 30, 2019

Chris Becker, SRE, Betterment: Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially.


Why Fair Eliminated Static Credentials — A Retrospective

July 26, 2019

Fair Eliminates Static Credentials with strongDM: Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least-privilege access, and rotate credentials without causing a huge headache


Senior Engineering Director at Zymergen on Code Reviews

April 19, 2019

About Token Security: At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords. About This Episode: This week Jeff Burkhart, Senior Engineering Director at Zymergen, talks code reviews, code review fatigue, and what


Director of IT & Operations at Chef on What it Means to be Secure

April 11, 2019

About Token Security: At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords. About This Episode: This week we are joined by Ben Rockwood, Director of IT & Operations at Chef, who shares
