Matt Hathaway

Picture of
After ten years in information security product management, I empathize with the pains faced by today’s infosec professionals. My determination to do right by the infosec community combined with my love of behavioral economics that feeds my obsession to "drop the buzzwords and focus on the real problems".
Find me on:

Recent Posts

How Osquery Helps Secure Your Cloud with These Two Critical CIS Benchmark Controls

Posted by Matt Hathaway on 9/6/18 9:09 AM

Two of the 6 basic security controls, according to the Center for Internet Security, are focused on the current state of your assets. Assessing the state of your assets has been a priority for years, but the old means aren’t as effective in modern infrastructure as they were on legacy systems. These two critical controls - Continuous Vulnerability Management and Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers - are a foundational part of any security program, but you’ll run into implementation challenges if you simply drag legacy tools into a cloud environment. That’s why osquery, a light weight and cloud friendly universal agent, is quickly becoming the go-to for helping to secure cloud workloads, in part through the effective application of these two critical controls. Let’s explore how.

Read More

Topics: CIS Benchmark, osquery, continuous monitoring, cloud monitoring, cloud security

Black Hat USA 2018: Targeted Threat Hunting, Managed Everything, Serverless Security and Other Trends

Posted by Matt Hathaway on 8/20/18 8:38 AM

Quenching your thirst in the desert is a major challenge, but seeing everything at BSides Las Vegas and Black Hat is even more difficult.

While I am there every year, hydrating, I try to take note of the innovation I see. Luckily, the Black Hat team has named Innovation City to make it a little easier on me, so I started there and walked the full business hall to ask questions and listen. This year, I took note of a few key themes.

Read More

Topics: Insider

Cloud Workloads: Not the same ol' endpoints

Posted by Matt Hathaway on 5/17/18 9:17 AM

This may sound like common sense to developers, but securing the assets in your cloud requires you to recognize just how different a cloud workload is from a user asset. While the high level strategy is nothing new, legacy solutions cannot simply be repurposed in your cloud due to some very straightforward barriers to each fundamental goal.

Read More

Topics: continuous monitoring, cloud monitoring, cloud security

Is your Mac fleet secure? Tackling the myth of inherent mac security

Posted by Matt Hathaway on 4/19/18 3:38 PM

There’s a dangerous myth among some Mac users that, unlike Windows, the platform is impervious to malware. Since nothing is bulletproof, it would be dangerous to assume Mac fleet security, so let’s recognize why Macs have historically been low risk and why that looks to be changing.

Read More

Topics: macOS, mac edr

Infrastructure Management Has Evolved - Has Your Continuous Monitoring?

Posted by Matt Hathaway on 4/3/18 9:18 AM

Despite there being hundreds of software solutions focused on monitoring, today’s operations professionals lack the assessment and detection coverage they need in their CI/CD infrastructure. Software applications have reached an inflection point in the pace at which businesses are evolving their operations, and so a new approach is needed for continuous monitoring.

Read More

Topics: osquery, continuous deployment, CI/CD

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads