Jul 9, 2020 | Attack Surface Analysis, Cyber Risk
With the COVID-19 pandemic impacting us worldwide and showing no signs of letting up, many cybersecurity professionals are working remotely, and taking extra measures to secure their devices and networks. We turn the spotlight on to the role of cybersecurity...
Jul 2, 2020 | Attack Surface Analysis, AWS, CISO, Cloud security, Developers
For this ThreatModeler Blog Special Edition, we recap our Fireside Chat (with link to the webcast) moderated By Ty Sbano, Chief Security & Trust Officer, Sisense; with panelists: Praveen Nallasamy, Vice President, Cybersecurity at BlackRock Tom Holodnik, Software...
Jun 25, 2020 | Events, Recent News, Threat Modeling
The annual, five-day Open Security Summit is unique on the Information Security conference calendar as it entails security practitioners coming together in working sessions to collaborate on moving the industry practice forward. This year was unusual however, as it...
Jun 23, 2020 | AWS, Cloud security, Cloud Threat Modeling, DevSecOps
While much of the tech world is adopting the private cloud for the added security and scalability, today’s developers typically rely on its public, less secure cousin. The reason is simple: it’s way cheaper. “Private” cloud infrastructure requires providers to assign...
Jun 11, 2020 | Attack Surface Analysis, AWS Security Epics Automated, CISO, Risk Management
There’s no shortage of content on the internet that extolls the great virtues of cloud computing. And they’re largely correct. The cloud offers numerous major advantages like reduced cost, ease of scalability, and access to bleeding-edge tech services and...
Jun 8, 2020 | AWS Security Epics Automated, Cyber Risk, Threat Modeling, Threat Modeling Process
As part of the 1st International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS), a paper was reviewed and accepted entitled: “Security Threat Modeling: Are Data Flow Diagrams Enough?” Anybody interested in the field of threat modeling would...
Jun 4, 2020 | AWS, AWS Security Epics Automated, Cloud security, Security
How Security and Compliance Teams Can Collaborate and Thrive in the Cloud Compliance and security share a great deal in common, but there are key differences. Both deal with organizational safety and security, minimize risk, protect consumer data, and experience...
Jun 2, 2020 | Attack Surface Analysis, AWS, AWS Security Epics Automated, CISO, DevOps, DevSecOps
By Michael Vizard The best cybersecurity defense is always applied in layers. If one line of defense fails, the next should be able to thwart an attack and so on. That same, tried and true, security in depth concept applies to DevOps as responsibility for...
May 28, 2020 | AWS, Threat Models
The premise behind least privilege is simple: if you want to protect your bank vault, start by being very careful about who gets a key. In the cybersecurity world, least privilege works very much the same, but instead of keys and bank vaults, its access to sensitive...
May 21, 2020 | Attack Surface Analysis, AWS, CISO, Cloud security, DevSecOps
There is a consensus emerging demanding developers to assume more responsibility for security as more organizations embrace best DevSecOps practices and move to the cloud. The trouble is, most organizations aren’t providing the guidance and tools developers need to...
