The startup’s guide to securing your infrastructure
Eric
Running tech at a startup is a hard job. You’re on a shoestring budget, if you even have one. You’re constantly understaffed. Everyone needs that new feature or server set…
How to manage security debt as a startup
What do you know about security debt? As the leader of a software startup, you’re probably familiar with the concept of technical debt. Technical debt is where your team makes…
What is a Content Security Policy (CSP) and why is it important?
Trust is the fundamental currency of the internet. You trust your service provider that they’ll continue to maintain your internet access. Your developers trust your architecture provider when they say…
What is chaos engineering and why does it matter?
The big day is finally here. That project your team has been working on for the last six months? It’s launching today. A little giddy with anticipation, the team monitors…
An overview of the CIS 20: a security foundation for your organization
One of the more common mistakes that I see organizations make on digital security is ignoring free resources that can help their business level up. This is rarely intentional. Instead,…
The most common types of ATO attacks
As a security owner, you need to protect your users against a wide variety of attacks. Many engineers spend a great deal of time focusing on big-picture attacks. They want…
5 security best practices for Java
When it came along in the mid-1990s, Java promised a revolution in programming languages. At the time, a great deal of business programming took place in C or C++. Anyone…
How to choose the right pentester for you
There are a variety of reasons your company might look to hire a penetration tester. For many companies, their first foray into penetration testing comes at the request of a…
Top 10 security traps to avoid when migrating from a monolith to microservices
Your team is thinking about migrating from a monolithic architecture to microservices. You’re intrigued. The promises of additional scalability and more predictable deployments sound nice. You’ve also been down this…
Your Company Was Just Breached. Now What?
So, your company has suffered a security breach, and your team didn’t have a data breach plan in place to handle it. That’s bad news, but take a deep breath.…