Blog2018-10-17T19:37:43+00:00

Something You Probably Should Include When Building Your Next Threat Models

We are working on our threat models here at DisruptOps, so I decided to refresh my knowledge of different approaches. One thing that quickly stood out is that nearly none of the threat modeling documentation or tools I’ve seen covers [...]

By |November 12th, 2018|How To's, Tips & Tricks|0 Comments

Three of the Most Crucial Sections That Make Up the DevSecOps Roadmap

As I mentioned in our (DevSec)Ops vs. Dev(SecOps) post, we’ve been traveling around to a couple of DevOpsDays conferences presenting our Quick and Dirty DevSecOps talk. One of the things I tend to start with early in the talk is the fact that, like DevOps, [...]

By |November 6th, 2018|Cloud Management|0 Comments

The 4 Phases to Automating Cloud Management

A Security Pro’s Cloud Automation Journey Catch me at a conference and the odds are you will overhear my saying “cloud security starts with architecture and ends with automation.” I quickly follow with how important it is to adopt a [...]

By |October 30th, 2018|Cloud Automation, Cloud Management, How To's, Operations|0 Comments

Consolidating Config Guardrails with Aggregators

In Quick and Dirty: Building an S3 guardrail with Config we highlighted one of the big problems with Config: you need to set it up in each region of each account. Your best bet to make that manageable is to use infrastructure [...]

By |October 22nd, 2018|Amazon, How To's, Operations, Security|0 Comments

Quick and Dirty: Building an S3 Guardrail with Config

In How S3 Buckets Become Public, and the Fastest Way to Find Yours we reviewed the myriad of ways S3 buckets become public and where to look for them. Today I'll show the easiest way to continuously monitor for public [...]

By |October 19th, 2018|Amazon, How To's, Operations, Security|0 Comments

DisruptOps Introduces Cloud Management Platform for Automated Security and Operations

Company secures $2.5 million seed round investment led by Rally Ventures Kansas City, MO — October 17, 2018 DisruptOPS Inc. today introduces its SaaS-based cloud management platform to implement automated control of cloud infrastructure.  Through the continuous assessment and enforcement [...]

By |October 17th, 2018|Press Releases|0 Comments

How S3 Buckets Become Public, and the Fastest Way to Find Yours

In What Security Managers Need to Know About Amazon S3 Exposures we mentioned that one of the reasons finding your public S3 buckets is so darn difficult is because there are multiple, overlapping mechanisms in place that determine the ultimate [...]

By |October 9th, 2018|Operations, Security|0 Comments

What Security Managers Need to Know About Amazon S3 Exposures (2/2)

Continuing from "What Security Managers Need to Know About Amazon S3 Exposures (1/2)"... In our first post we discussed how the exposure of S3 data becomes such an issue, and some details on how buckets become public in the first [...]

By |September 14th, 2018|Amazon, Security|0 Comments

What Security Managers Need to Know About Amazon S3 Exposures (1/2)

The accidental (or deliberate) exposure of sensitive data on Amazon S3 is one of those deceptively complex issues. On the surface it seems entirely simple to avoid, yet despite wide awareness we see a constant stream of public exposures and [...]

By |August 16th, 2018|Amazon, Security|0 Comments