As your organization pursues your SOC 2 certification, organization is critical. You will be busy actively managing dozens of ongoing daily tasks, which can bury you in minutiae. But at the same time, you need to keep your high-level compliance goals in focus in order to successfully move your certification over the finish line. In this post, we will look at all the components your SOC 2 “dashboard” should contain
Whether you’re looking to achieve SOC 2 compliance, or just want to learn more about it, your Googling is bound to lead you to a wealth of articles chock full of buzzwords and acronym soup. In this post, we will provide a guide with definitions, links and resources to gain a solid understanding of everything you need to know about SOC 2 audits. What is SOC 2? SOC 2 is
How ASICS Digital Created a Culture of You Build it, You Run it John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure. Listen as they walk through how and why they made a dev culture of 'You Build It, You Run It' and download the slides now.
Chris Becker, SRE, Betterment Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team
See What You MissedWatch highlights from all the speakers DevSecOps: The Core Curriculum Opening Remarks By Laura Franzese August 25, 2019 Blog, Conference DevSecOps: The Core Curriculum -- opening remarks My brother like 15 years ago asked me what song I would come up to if… Read more Why ASICS Digital Builds 12-Factor Apps with a Focus on Infrastructure By Laura Franzese August 1, 2019 Blog, Conference, Uncategorized How ASICS
Why? That’s a good starting question to start with, what’s the goal? Here we’re talking about managing access to instances on AWS and Azure in a unified way and there’s a bunch of possibilities, including (not exhaustive): Local users from a csv list with a script Local users using a configuration management tool Using a central directory (NIS, AD, LDAP) Using strongDM While the two first options are legit for
ShareAbout Token SecurityAt Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.About This EpisodeThis week we are joined by Ben Rockwood, Director of IT & Operations at Chef who shares what it means to be secure, and how compliance and
Daniel Leslie Director of Security Intelligence & IT Operations at Namely on the Human Side of Security
ShareAbout Token SecurityAt Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.About This EpisodeThis week we are joined by Daniel Leslie at Namely who shares his take on the human side of security, and what security at scale looks like
ShareAbout Token SecurityAt Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.About This EpisodeIn this episode Max Saltonstall and Justin McCarthy are joined by Alan Daines, Chief Information Security Officer at FactSet to talk about phishing, educating on it, and
Passwords are one of the most common targets for hackers, so it’s imperative that your company enforce a strong password policy. This policy will not only define the requirements of the password itself but the procedure your organization will use to select and securely manage passwords.