This is the first in a series of books tracking changes and discoveries within the DevSecOps Community. The stories are by people who have been sloshing around in the swamps of software development for years, figuring out how things work, and most importantly, why things didn’t work.

“For the (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study), we talked to cybersecurity pros as well as IT pros who spend at least 25% of their time working on cybersecurity activities. This report explores the findings of that research, illuminating the cybersecurity skills gap by revealing the trends, elements, and impact, all of which can be used to inform the steps organizations and individual cybersecurity pros can take to address this troubling progression.”

This report takes you inside the mind of a hacker.

This report answers some questions about Bug Bounty organizations.

This research presets a list of vectors commonly used by attackers to compromise internal networks after achieving initial access. It delivers recommendations on how to best address the issues. The goal is to help defenders focus efforts on the most important issues by understanding the attackers’ playbook, thereby maximizing results.

This technical white paper describes a new approach to identifying your most critical web application vulnerabilities faster and at lower cost.

This Infographic lays out details of the State of Security Operations. It reveals data that discusses how much time and budget are being spent on cybersecurity issues.

In this report they look at incidents that occurred between October 2016 and September 2017.

This report discusses the Security Operations Center and how it is being architected in organizations with some consensus on what should be done. The paper details the issues and problems that need to be resolved as this area of expertise continues to grow.

As the threatscape continues to evolve rapidly in both sophistication and scale, the need to protect organizations’ intellectual property, operations, brand and shareholder value, in addition to their customers’ data, is ever more critical. But how do organizations build controls for the security risks they don’t even know about yet?

DevOps and security leaders recognize that DevOps requires a fresh approach to security that mitigates risk and uncertainty without impairing velocity. This e-book presents six guiding principles for enabling DevOps security at scale.

This report provides a walkthrough of creating an Incident Response Plan.

This paper discusses the top 20 Center for Internet Security (CIS) Critical Security Controls (CSC) come into play, providing organizations with 20 key controls that they can implement to mitigate some of the threats they are facing.

This white paper offers you a strategic framework that can help your organization manage the complexity of GDPR and build an ongoing compliance program.

This report takes a look at the reality that even though we spend lots of money to protect people from targeted attacks, they still continue to happen. Why are we missing the mark, and what can we change?

This is a transcript of a February 2018 US Senate meeting that discussed Data Security and the hacking community.

Under most tested scenarios, Core Impact users can expect a notable reduction in both operator time and total elapsed time when performing common penetration testing tasks. This whitepaper presents the repeatable methodology and testing protocol used in our study.

As we approach critical mass of hacker-powered security, read on to learn more about best practices of starting and running effective disclosure and bug bounty programs, and get to know some of the stories and stats about the hackers themselves.

This small article discusses the importance of your organization getting ahead of phishing email campaigns.

From the report, “While I call this document a ‘getting started guide,’ regardless of your program’s maturity I think you’ll find some helpful hints regarding the people, process, and technology that can elevate your mobile app security program to the next level.”

This report examines the broadest platform data set available and explains why organizations like General Motors, Starbucks, Uber, the U.S. Department of Defense, Lufthansa, and Nintendo have embraced continuous, hacker-powered security.