Episode 14: Cheslocked and loaded

Do you need data captured that let you know when things don’t look quite right? Need to identify issues before they become major problems for your organization? Turn to Threat Stack, which has Cloud issues of its own, and helps its customers with their Cloud issues.

Today, I’m talking to Pete Cheslock, who runs technical operations at Threat Stack, which handles security monitoring, alerting, and remediation. The company uses Amazon Web Services (AWS), but its customer base can run anywhere.  

Some of the highlights of the show include:

• Challenges Threat Stack experienced with AWS and how it dealt with them
• Threat Stack helps companies improve their security posture in AWS
• Security shouldn’t be an issue, if providers do their job; shared responsibility
• Education is needed about what matters regarding security, avoiding mistakes
• Cloud is still so new; not many people have abroad experience managing it
• Scanning customer accounts against best practices to identify risks
• Threat Stack’s scanning tool is worthwhile, but most tools lack judgement and perspective
• Threat Stack offers context between host- and Cloud-based events; tying data together is the secret sauce
• You shouldn’t have to pay a bunch of money to have a robust security system
• Good operations is good security; update, patch, track, and perform other tasks
• Lack of validation about what services are going to be a successful or not
• Vendor Lock-in: Understand your choices when building your system
• Pervasiveness and challenge of containerization and Kubernetes
• Cloud reduces cycle time and effort to bring a product to market
• Amazon is a game changer with what it allows you to do and solve problems

Links:

• Pete Cheslock
• Digital Ocean
• Threat Stack
• AWS
• re:Invent
• Kubernetes