Year: 2013

Upcoming Talks: ISC2 Congress 2013

Looks like I get to go to the land of deep dish pizza (Chicago) at the end of the month to speak at the 2013 (ISC)² Congress. I’ll be giving two talks:

3340: (ISC)² – The Five W’s of Securing Dev/Test Cloud Instances
Wednesday, September 25, 2013: 4:30 PM-5:30 PM
S106b – Cloud Track
Software developers, engineers and quality assurance/testers are spinning up cloud servers outside of IT’s control, and, generally speaking, security is the last thing on their mind. Business leadership and product owners typically turn a blind eye to this practice, often referred to as ‘Shadow IT’, because the business knows that letting the software people get their job done faster ultimately results in software getting delivered faster. What many organizations might not know, however, is that this expedited process, often implemented in the name of ‘Agile Development’ or ‘DevOps’, has the potential for increasing organizational security risks.

and

4340: (ISC)² – When Lightspeed’s Too Slow: Security Automation At Ludicrous Speed
Thursday, September 26, 2013: 3:30 PM-4:30 PM
S106b – Cloud Track
Deploying new or migrating existing applications to cloud architectures introduces a host of new challenges for teams responsible for SaaS product success. Being able to prove to existing and future customers that the servers, applications and customer data are just as safe and secure in a SaaS offering as they were in the organization’s datacenter is almost always a mandatory customer requirement. This session will highlight the business and technical requirements for SaaS product success as well as the new concerns introduced by adopting cloud to deliver products.

Hopefully I’ll see you there 🙂

Interns Wanted

Our CloudPassage team is growing and I’m looking for 3 interns in the Bay Area to come work with me for a semester to help make our award-winning product a bit better. This is an excellent, and paid, opportunity to work with the hottest cloud security startup. Here is what I’m looking for:

Internship #1:
We are looking for a Security Integration Developer intern who loves to build tools to enhance our award-winning Halo product. Our product is not only known for its depth of security technology but also for its comprehensive breadth of capabilities that include software vulnerability reporting, software configuration management, file integrity monitoring, server access and dynamic host-based firewall management — each specifically built for cloud computing. The intern would be responsible for developing tools and scripts to help our customers integrate with our flagship product, Halo, build custom tools to help win sales opportunities, and internal tools to automate security policy content creation.

Internship #2:
We are looking for a Security Content Analyst intern who loves to analyze requirements and create security policies (content) for our award-winning Halo product. Our product is not only known for its depth of security technology but also for its comprehensive breadth of capabilities that include software vulnerability reporting, software configuration management, file integrity monitoring, server access and dynamic host-based firewall management — each specifically built for cloud computing. Developing policy templates for these core services will be your focus. We support both Linux and Windows operating systems and their applications, so a broad knowledge of best practices and compliance requirements for securing these systems is a must-have skill.

Internship #3:
We are looking for a Security Vulnerability Analyst intern who loves to analyze current and past CVEs for various Linux and Windows operating systems that are hosted in private or public cloud infrastructures. The analyst’s results will directly feed into our award-winning Halo product to improve our customers’ ability to manage known vulnerabilities in their cloud-based infrastructure. The analyst will also help QA our Halo Software Vulnerability Assessment (SVA) module as well as other security modules as requested. This is an excellent opportunity to have an impact on the security community in general and to help CloudPassage customers directly.

If you’re interested, are currently a student, and live in the Bay Area, please send an email to:


NGINX adds commercial edition

According to GigaOm, the NGINX web server, which has been adopted by a growing number of users and currently challenges Microsoft for the number two spot, is now going commercial with a new NGINX Plus release. “The commercial version wraps new features including advanced monitoring, application health checks and dynamic configuration and management around a Service Level Agreement,” said Nginx Inc. CEO Gus Robertson.

Though GigaOm reports that the price for the new offering is a surprisingly high $1,350 per instance per month, the NGINX website tells a different story. As you can see from the NGINX Plus page, the price of the new edition is $1,350 per year for standard support and $2,700 per year for premium support.


In my opinion, this was an inevitable move for the company. NGINX raised its first $3m round in 2011 from e.ventures, Runa Capital, and MSD Capital, and investors eventually want to see some ROI (I know, right?). I mean Netcraft rankings are good and all, but they don’t put money back into the VC pockets.
