Security infrastructure as a service (SIaaS) is an engineering-centric, infrastructure-first approach to cybersecurity—and is at the heart of everything we do at LimaCharlie. In this post, we’ll explain more about what SIaaS is, why it’s important, and how it differs from legacy models of cybersecurity.
Introduce yourself and tell us what you do for your day job. My name is Dr. Joseph J. Burt-Miller Jr. I currently serve as Assistant Project Manager at the Department of Homeland Security. One of my main duties is handling the risk management piece for projects, so interacting with contractors and our risk owners, ensures that our risks are tracked and mitigated. Anything that needs immediate attention I bring to my leadership, my project manager and program manager, etc.
Another month rolls off the calendar with lots of exciting things happening at LimaCharlie. The team was on the ground at Blue Team Con which was a great experience. The most exciting thing this month would have to be the addition of Matt Bromerly to the team. Matt is joining LimaCharlie as a Lead Solutions Engineer/Developer Relations. He has deep experience and a passion for working with organizations to solve their cybersecurity challenges.
Introduce yourself and tell us what you and your company does. My name's Jonathan Haas, I'm the CEO and co-founder of ThreatKey. ThreatKey is a security posture management platform. Essentially, what that means is we help businesses secure themselves and identify which things they should be prioritizing amongst their various business tools. Things like AWS, GCP, or SaaS product like Google workspace, Microsoft 365 65, etc.
My name is Whitney Champion and I'm the lead architect and one of the co-founders of Recon InfoSec. Basically I'm responsible for building and maintaining our security stack, our applications, and also our training platform: The Network Defense Range, or NDR. We're a managed security services provider, and we're based out of Austin, Texas. There are roughly 15 of us and we provide managed detection and response services and training.
It’s common to hear people talk about taking “an engineering approach” to cybersecurity. But what does this actually mean? How does it differ from the legacy model of cybersecurity? And what are the benefits to the enterprise?
We have most certainly been adding fuel to the fire, this is easily the biggest update we have had all year! We continue to add team members and our engineering capability is growing. The list of improvements and new capabitliite is too much to try and summarize, you will have to read the release notes below.
We all know how hard it is for companies to fill open cybersecurity positions. But is the situation improving? What are the root causes of the problem? And most importantly—what can be done about it?
CI/CD pipeline attacks are a growing threat to enterprise security. In this article, we’ll provide an overview of CI/CD for non-developers, discuss the cybersecurity issues involved, and offer some recommendations for developers, companies, and security teams.
The team at LimaCharlie continues on its mission to develop the concept of Security Infrastructure as a Service. We added three new team members during the month of June with more coming! We also hosted a webinar on securing your CI/CD pipeline built around some new capabilities we added which allow for the ingestion and monitoring of GitHub audit logs. You can watch a recording of that webinar here: SecDevOps & LimaCharlie - Automating and auditing of GitHub access
