Posts Authored By

Josh Stella

August 1st, 2019

10 minute read

UPDATE: August 26, 2019Since posting this, AWS has made some public statements regarding the breach that shed some light on what likely happened. From their response to Senator Ron Wyden, AWS stated:"As Capital One outlined in their public announcement, the attack occurred due to a misconfiguration error at the application layer of a firewall.

June 27th, 2019

6 minute read

In the last part of this series, we're going to look at the final stages of the software development life cycle (SDLC)—deployment and operations. As a reminder, in parts one and two, we discussed the overall concept of shifting left for security and compliance, and laid out some best practices for how to do so during the development and testing.

May 24th, 2019

4 minute read

In an earlier blog post, we discussed at a high level how security can shift left regarding cloud infrastructure. In this post, we'll drill in with more detail on how this can be done through the discrete phases of the Software Development Life Cycle (SDLC), beginning with the development phase, and extending through testing, and ultimately all.

April 17th, 2019

4 minute read

We're hearing a lot about “shifting left” these days in the industry, and like most popular terms the meaning can be hard to pin down, and some of the implications buried. This post will focus on how to shift security and compliance left in cloud computing. These two functions are closely related, but the operational aspect of each is quite.

March 7th, 2019

3 minute read

 

There is a lot of talk about DevSecOps these days, and we've been working in the area for years now and have learned some things that work and some that don't. First, we'll give you our view on what DevSecOps is, and then we'll make a few recommendations on how to start doing it and get real results in an hour or two!

 

February 13th, 2019

5 minute read

 

 

A lot of folks have realized that manually fixing cloud infrastructure to correct security and compliance issues is just too slow and error prone to handle the threat landscape on the cloud. An increasingly common approach to speeding up remediation these days is to use cloud functions, such as AWS Lambda or Azure Functions, connected to a.

August 8th, 2018

10 minute read

Two years ago, I wrote a blog post that got some notice, which surprised me. It was a piece about going back to Emacs as my primary content creation tool, first as a CEO, and now as a CTO. A brief recap is that I spent most of my career as a programmer and a software architect, and preferred Emacs as my code editor for much of that time..
July 17th, 2018

1 minute read

In late November of 2017, I informed Fugue's Board that I intended to lead a search for a new CEO. We had a substantial amount of money on the balance sheet, some really impressive customers, a solid product, and a highly motivated team - many of the things needed to attract a world class CEO. My passion has always been for technology and team.
April 5th, 2017

7 minute read

This article was first published in DZone's Cloud Zone on April 3, 2017.

 

The repercussions of recent cloud outages—AWS’s S3 crash and Azure’s Active Directory cascading failure—linger in IT departments and manifest in revenue loss. But, the bigger story is that the next outage is around the corner—unpredictable, coming to get us on a random.

November 22nd, 2016

2 minute read

Harry Weller, General Partner leading NEA’s east coast venture practice, passed away unexpectedly on November 19, 2016. Please see NEA’s words for Harry.

 

J. R. R. Tolkien, one of Harry’s favorites, said, “A safe fairyland is untrue to all worlds.” Harry never counted on life or decisions or business being safe. He looked into this world and.

Jump to Page

1 2 3
New call-to-action

Secure Your Cloud

Find security and compliance violations in your cloud infrastructure and ensure they never happen again.