security | TechWell

security

Cloud Security Operationalizing Cloud Security with Policy-as-Code

Josh Stella explores why PaC is critical to validate that large, complex cloud infrastructure environments adhere to industry compliance standard and internal policies.

 

Josh Stella's picture
Josh Stella
Technical due diligence 3 Critical Considerations for Technical Due Diligence

Technical due diligence is the process of verifying a company’s technical capabilities, quality, and processes. It is typically performed by investors or buyers before a contract. There are many aspects you can investigate, but three are crucial: a code review, security evaluation, and open source components compliance.

Gilad David Maayan's picture
Gilad David Maayan
Computer screen showing emergency alert about the coronavirus Lessons the Software Community Must Take from the Pandemic

Due to COVID-19, organizations of all types have had to implement continuity plans within an unreasonably short amount of time. These live experiments in agility have shaken up our industry, but it's also taught us a lot of invaluable lessons about digital transformation, cybersecurity, performance engineering, and more.

Mukesh Sharma's picture
Mukesh Sharma
Chess king left standing with other fallen pieces around it Choosing the Right Threat Modeling Methodology

Threat modeling‍ has transitioned from a theoretical concept into an IT security best practice. Choosing the right methodology is a combination of finding what works for your SDLC maturity and ensuring it results in the desired outputs. Let’s look at four different methodologies and assess their strengths and weaknesses.

Alan Crouch's picture
Alan Crouch
Silhouette of person unlocking a door with keys Shifting Security Left in Your Continuous Testing Pipeline

Security is often the black sheep of testing—an afterthought that gets only a scan before release. We have to make security a first-class testing citizen with full-lifecycle support. For the best impact, introduce security testing into the early phases of the continuous testing pipeline. Here are some tools to help.

Glenn Buckholz's picture
Glenn Buckholz
Hacker typing on a backlit computer keyboard Cybersecurity Consciousness during COVID-19

As we all deal with COVID-19 across the globe—medically, economically, and professionally—there are plenty of lessons to discover. There is also a lot to learn when it comes to cybersecurity. More people moving toward working from home means more opportunities for hackers to strike, so we must be smart and vigilant.

Rajini  Padmanaban's picture
Rajini Padmanaban
DJ Schleen Best Practices of the DevSecOps Elite: A Slack Takeover with DJ Schleen

Thought leaders from the software community are taking over the TechWell Hub to answer questions and engage in conversations. DJ Schleen, a DevSecOps advocate, hosted this Slack takeover and discussed all things DevSecOps, including challenges to integrating security into your practices and getting management support.

Kelly McGee's picture
Kelly McGee
Encrypted code on a computer screen Cybersecurity Tips for Project Managers

A project manager must be aware of the dangers the software faces if they are to be effective in its defense while managing their project. A lot of the data they're dealing with can be extremely sensitive. Let’s look at some tips that every project manager should pay attention to in order to protect their project.

Douglas Parker's picture
Douglas Parker