For today’s remote workforce, security professionals need technical security awareness education distinct from the rest of the company’s “don’t click a phishing link” training. Security analysts know how to recognize phishing emails and set secure passwords. However, where does that leave them when it comes to security awareness month?

Maintaining an online business presence nowadays means that malicious actors are going to target and likely exploit any application vulnerabilities they can find sooner or later. According to the 2021 Mid Year Data Breach Report, although the number of breaches has declined by 24%, the staggering number of records that were exposed (18.8 billion) means that there is still room for improvement.

As cyberattacks become more sophisticated across ever-expanding attack surfaces, it’s easy to assume the security team will take care of risk management and mitigation. Indeed, employees—both within the agency and across the contractor community—are one of the greatest risks to the government’s security postures.

CFEngine and Ansible are two

Bubble wrap®. That obsessively addictive plastic material, made up of hundreds of small air-filled bubbles we all love to squeeze. Although I tend to think of Bubble Wrap as the original fidget toy—melting away our anxieties with every satisfying pop—most people associate it with helping to protect their most precious collectibles when in transit or being placed in long-term storage.

In my interactions at industry events like AWS re:invent and KubeCon, I talk with a lot of developers. Devs often tell stories of things that prevent them from working quickly and efficiently. Many involve frustrating interactions with sys admins, SREs, or DevOps colleagues. One story I have heard several times involves a conversation like this: dev: Hey, SRE team. My build is failing and I don’t know what’s happening with the app in the build node.

Like a football or soccer team, security also has two lineups that must be continuously managed. One lineup involves protecting the digital assets and data of a business. The other: managing the security risk and vulnerability exposure of these environments and endpoints. The tension between these two lineups keep security and IT very busy. There is a critical shortage of expert security professionals, which means no expanding the bench of talent, even if you can afford it.

Since we launched Puppet Comply last year, we’ve been working hard to build out the solution’s capabilities so that we can provide our customers with more options in implementing a continuous compliance program, and become more proactive and efficient in how they manage compliance. A key activity in any strong continuous compliance program is remediation.