Hearst Eliminates DevOps Complexity with Automation Jim Mortko is responsible for leading all Internet-based engineering and digital production efforts, along with ecommerce and marketing initiatives that support Hearst Magazines’ diverse units including 20 U.S. magazines, Hearst Digital Media, the Hearst App Lab and Hearst Magazines UK. He is credited with spearheading the launch of five internal systems, along with supporting the launch of more than 10 websites. In this talk,
See What You MissedWatch highlights from all the speakers DevSecOps: The Core Curriculum Opening Remarks By Laura Franzese August 25, 2019 Blog, Conference DevSecOps: The Core Curriculum -- opening remarks My brother like 15 years ago asked me what song I would come up to if… Read more Why ASICS Digital Builds 12-Factor Apps with a Focus on Infrastructure By Laura Franzese August 1, 2019 Blog, Conference, Uncategorized How ASICS
What Splunk Does Joel Fulton is the Chief Information Security Officer for Splunk. At Splunk, they've put effort into transforming their organization from a waterfall approach to agile, to now a DevSecOps approach. In case you're not familiar, Splunk is a software development company focused on machine data aggregation. They collect your data on to your on-prem and they count on you to manage and protect that. Splunk relies on
Despite thousands of articles, there's shockingly little actionable advice to help startups complete SOC 2. When you don't have dedicated compliance teams or six figure budgets, we set out to answer: When to pull the trigger on SOC 2. Who needs to be involved in prep work & what tasks can/can not be delegated. How to narrow the scope and save as much time as possible. What are achievable best
ShareAbout Token SecurityWelcome! This is the inaugural episode of Token Security, our goal is to teach the core curriculum for modern devsecops. Each week we will go deep with an expert on a specific topic so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.About This EpisodeThis episode we sit down with Peter Tormey, Head of Infrastructure at SoFi. The crew talks PII,
If you sell software to businesses, clients will probably start asking if you're SOC 2 compliant? Why? Because it's a convenient way to confirm you have *some* maturity around security best practices. What SOC 2 is not! You should not confuse SOC 2 compliance for actual security best practices. Although it covers the core departments and processes that interact with sensitive data, it does not stipulate standards. It merely confirms
The first time I went through SOC2 I wasted way way too many hours on Google trying to figure out best practices. It drove my nuts how much was written without actually telling me anything actionable. Why wasn't there a simple summary to understand: How long will a SOC 2 Type 1 audit take? How much will SOC 2 Type 1 cost? What are best practices for each policy? Two