Category Archives: DevOps

Security As Code at Cloud Security World

Ed Bellis    May 28, 2015

Last week Jason Rohwedder and I had the privilege of presenting a cloud automation use case at Cloud Security World. Our talk not only covered how we automate much of our security at Risk I/O, but how we use DevOps principles to ensure our security controls are consistent even at a high velocity. While we have spoken about some of…

Vulnerability Management for the Midsize

Ed Bellis    March 19, 2015

It’s not fair. The big companies have the teams, the tools, and the processes required in order to run a best-in-class vulnerability management program. But guess what? The bad guys don’t care about how big you are. In fact, non-targeted exploits accounted for 75% of the breaches from Verizon’s 2013 Data Breach Investigation Report—meaning even mid-sized companies are equally or…

Mitigating Application DoS: SecTor Conference Talk

rhuber    October 14, 2013

I was recently invited to speak at one of my favorite security conferences, SecTor in Toronto. Many thanks to Risk I/O for giving me some official time to work on this side project over the last month (side note: we are hiring!). This blog post will summarize my SecTor presentation on application Denial of Service attacks. Application DoS has seen…

Development in the Cloud, or Cumulus Capable Clowders of Cats

jro    September 10, 2013

An old colleague of mine likened managing engineers to herding cats. I’m not so sure about herding engineers, but managing development environments quickly becomes an exercise in organizing chaos. Every engineer has different needs and a different way of doing things. During a recent data-center migration we moved all of our development environments to the AWS Cloud. Since it turned out to be one…

Open-Source Security Contributions

Mike    May 23, 2013

Today, I want to write a followup to my previous post about open sourcing security. Specifically, it focused on a TED Talk describing an amazing experiment in which a recently diagnosed Mr. Iaconesi had open sourced his medical records in an attempt to decipher his condition using the greater good of the open-source community. Obviously, cancer and security in the technology…

Rapid Prototyping the ModSecurity Application Firewall with Chef

jro    October 17, 2011

“America is all about speed. Hot, nasty, bad-ass speed.” – Eleanor Roosevelt, intro to Talladega Nights

Here at Risk I/O we’re really, really big fans of speed... and data. Given the right data you can make good decisions very rapidly. It’s one of the core values we try to build into each release of Risk I/O. With that in mind, we…

Turn it up to eleven!

jro    July 25, 2011

Around here, everything needs to be done yesterday, so we really, really hate wasting time! Since we never want to waste your time, we’ve taken the performance and robustness of our site and, in the words of Christopher Guest in the movie Spinal Tap, turned it all the way up to eleven. On the performance side, we spent some time…