The Complete Guide to SecDataOps and Vulnerability Management on AWS

SecDataOps.

Learn it. Love it. Live it.

Tattoo it on your forehead. Put it on a billboard. Make t-shirts.

After you read Jonathan Rau’s manifesto e-book we wouldn’t blame you for doing any of those things...

SecDataOps and vulnerability management are complex and opinionated fields with many approaches but this is your guidebook. From the Eagle Scout of SecDataOps.

Now what’s included in these 70+ pages?

  • The history and background of vulnerability management (referred to as TVM, or Threat & Vulnerability Management)
  • Outline of formative technology services in the AWS Cloud
  • A tactical walkthrough of specific data capture tasks
  • Definition of data engineering and architectural considerations
  • Key Risk Indicators (KRIs) for your security program as well as operational excellence metrics for demonstrating maturity of a SecDataOps program
  • Code snippets, and links to complete code examples using Python 3.9 and the AWS Software Development Kit (SDK) for Python, named Boto3.

Basically an entire manual built for you to level up your vuln management in AWS and implementing a SecDataOps mindset.

We don’t call it the complete guide for nothing. It’s both parts theoretical hands-on guidance for security and data leaders. 🙌🏻

While Lightspin is a graph-based Cloud Native Application Protection Platform (CNAPP) that provides TVM capabilities for virtual machines, containers, and Kubernetes clusters – this entire ebook is oriented around AWS-native services and solely on virtual machines of any kind running on AWS’ Infrastructure-as-a-Service solution: Amazon Elastic Compute Cloud (EC2) and will not cover container or software dependency-related TVM activities.

Many of the metrics, data engineering, and enrichment should be compatible with any vendor tool you may use.

Jonathan has outdone himself. Download the guide to see what we mean. Put the code snippets into practice (maybe roast his Python skills while you’re at it) and share the #SecDataOps gospel on LinkedIn, Twitter, or your local coffee shop.

See you in the cloud, friends.