Implement Enterprise DevSecOps

How to Implement Enterprise DevSecOps

Enterprise DevSecOps is the union of Agile development, security, and operations. Organizations have experienced some notable success in integrating two of the three pillars of long-term competitive advantage and strategy, alternately benefitting from DevSec, SecOps, and DevOps, each with its own hybrid emphasis. However, the real benefit to an organization’s bottom line and market advantage is[…]

Cloud Security

Better Cloud Security with just One Step

When automobiles first came off Henry Ford’s assembly line, they were a novelty. They were a status symbol for the wealthy who wanted to flaunt their free capital. Few would have believed in those early years that the automobile and its myriad of gasoline and diesel-powered cousins would become iconic staples that would shape global[…]

Enterprise Threat Modeling

Enterprise Threat Modeling Quantifies Risk

An ad hoc, per-application threat modeling practice is a good start. After all, bringing secure coding considerations into the application design process makes creating secure, functional products on a tight Agile timeframe much more efficient. Over the years, ad hoc threat modeling has demonstrated its value to organizations from an AppSec perspective. However, attempting to manage[…]

Cyber Risk Management

Attack Surface Analysis the key to Cyber Risk Management

The role of the CISO is continuing to evolve. Originally, CISOs were expected to be tech-savvy security subject matter experts. Today, organizations also require their CISOs to be business-savvy experts at cyber risk management. Individually, either one of these functions would constitute a full-time challenge. In combination, they would drive even the most proficient[…]