Blog

Brian Johnson
Security Engineer, 7 Minute Security

Software Development Lifecycle Policy | A Practical Guide to SOC2

October 8, 2019

With headline-grabbing software vulnerabilities becoming more and more prevalent, now is the time to tighten up your development practices into a well-written SDLC policy. This particular information security policy will help your development teams standardize on coding tools and practices, as well as get everybody on the same page from a security standpoint. And when the time comes that you do have an incident, you will be able to demonstrate to your customers that you do indeed take their security seriously - it’s not just lip service.


DevSecOps: The Core Curriculum Opening Remarks

August 25, 2019

DevSecOps: The Core Curriculum -- opening remarks

My brother like 15 years ago asked me what song I would come up to if I were a pro wrestler. There are two. That was one of them. The second one is going to introduce our very first speaker. So hey, everybody, what's up? I'm Liz. I am the co-founder and

Brian Johnson
Contributor

Connecting Postgres to Active Directory for Authentication

August 21, 2019

PostgreSQL is an open-source database system that is a popular choice for managing data and building applications.  While primarily geared towards developers, PostgreSQL is also designed to help system administrators safely and robustly store information in databases.  And because many networks use Active Directory to manage users and their resource permissions, it makes sense to tie PostgreSQL into this authentication

Tobias Macey
Host, Data Engineering Podcast

Provisioning Your People to be Productive

August 19, 2019

You just hired a new employee, great news! Luckily you have an easy onboarding process to get them access to all of the systems that they will need to access… right? If you just had a moment of panic, then keep reading because you're not alone.

Standardize Roles

Granting access to your databases and servers for a new user can

Brian Johnson
Contributor

Physical Facility Access Policy Best Practices | A SOC 2 Primer

August 12, 2019

Physical security is not just a concern for large companies. A small business also needs an established physical security policy to protect their physical assets and provide their employees with a sense of protection and safety. In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities. Here are five practices for writing


Implement a BYOD Policy | Best Practices for SOC 2 Compliance

August 8, 2019

Writing Your BYOD Policy

This article will point you to the core concepts of BYOD, removable device, and cloud storage policies so that you understand best practices before writing your own. Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data. But with this convenience comes some serious security concerns. Unprotected removable

Tobias Macey
Host, Data Engineering Podcast

Automating Access For On-Call

August 7, 2019

If you manage any system that requires consistent availability then you are probably already familiar with services like PagerDuty. For those of you who are unfamiliar with on-call management, it is a class of services that integrates with your monitoring and alerting systems to ensure that someone gets notified of issues in a timely manner. Typically there is a team
