9 Tips for an Effective Security Incident Response Policy (SIRP)

Important core concepts within the SIRP so that you understand the purpose of this policy before writing your own.
Token Security Podcast | Senior Engineering Director at Zymergen on Code Reviews

At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords. This week Jeff Burkhart, Senior Engineering Director at Zymergen, talks code reviews, code review fatigue, and what to do when agile becomes tedious.
How To Prepare For Your First SOC 2 Audit: A 30-90-120 Day Plan

Despite thousands of articles, there’s shockingly little actionable advice to help startups complete SOC 2. One area that usually requires some remediation is access controls. Most teams don’t have answers when auditors ask “who has access to a specific database or server and what queries did they execute?” That’s why we started strongDM: to manage and monitor access to every database, server, and environment.
How to SSH Through Bastion With Key | Part 2 - Tutorial

How to create an SSH key for your bastion host and ways you can streamline the bastion host login process without compromising the security of the key.
How to Create a Bastion Host | Part 1 of a Step-by-step Tutorial

Step-by-step instructions on how to create a bastion host plus how to create an audit trail by logging SSH commands.
Daniel Leslie Director of Security Intelligence & IT Operations at Namely on the Human Side of Security

This week we are joined by Daniel Leslie at Namely, who shares his take on the human side of security and what security at scale looks like for his team. Max, Justin, and Daniel discuss the 3 core things behind good company-wide security: psychological safety, vulnerability, and purpose. You have to address these things in a comprehensive manner.
Token Security Podcast | Alan Daines Chief Information Security Officer at FactSet on Phishing

In this episode Max Saltonstall and Justin McCarthy are joined by Alan Daines, Chief Information Security Officer at FactSet, to talk about phishing, educating on it, and defending against it.
What is Data Center Security & 4 Ways to Improve

Data center security refers to the protection of data centers against threats such as cyber-attacks, natural disasters, and human error. The number of data centers has increased significantly over the last decade, and so has the number of security-related disasters. In 2022, the global data center ...
Token Security Podcast | Johnathan Hunt, VP of Information Security at InVision Talks Secure Code

In this episode Max Saltonstall and Justin McCarthy are joined by Johnathan Hunt, VP of Information Security at InVision, to talk about pen testing, bug bounty programs, and secure code.
How to Write Your Software Development Lifecycle Policy

A staggering number of cybersecurity breaches are caused by software vulnerabilities. From the early worms of the 1980s through the early 2000s (like Blaster, Code Red, and Melissa) to the notable Petya and WannaCry of the past few years, these vulnerabilities are all rooted in software flaws that allowed systems to be exploited. A software development lifecycle (SDLC) policy helps your company avoid a similar fate by ensuring software goes through a testing process, is built as securely
Token Security Podcast | NYC Cyber Command

In this episode Max Saltonstall sits down in Manhattan with Quiessence Phillips, Deputy CISO and Head of Threat Management, City of New York, and Colin Ahern, Deputy CISO, City of New York.
Token Security Podcast | Andrew Mulholland, Head of Core Infrastructure at BuzzFeed

In this episode Justin McCarthy sits down with Andrew Mulholland, head of core infrastructure at BuzzFeed, to talk about security incident response, remote access policy, and a money-back guarantee for OSS.
Disaster Recovery Policy | 5 Best Practices

The first step in this policy is to define the critical processes and assets necessary for you to maintain minimum business functions after a disaster.
Defining Your IT Vendor Management Policy

As you work through the rigorous SOC 2 requirements, it is easy to get tunnel vision because so much of your work focuses on protecting your customers and their information. But what about the vendors you work with? Do you have a third-party IT vendor management strategy to address the risks they bring to your organization?