Captain's Log, Stardate 2021.12.17


Captain's Log is a weekly feature highlighting cool and interesting things we've seen this week. 

How to create an NFT — and why you may not want to
The Verge / Mitchell Clark

NFTs have been a cultural phenomenon throughout 2021, constantly making headlines as celebrities dabble in the space and as shenanigans, scams, and legal fights ensue. With some creators making millions off NFTs, though, it’s understandable why you’d want to try your hand at it or play around with the tech to get a better feel for it.

We’re going to go over how to create an NFT using two of the most popular marketplaces, but before we get to that point, let’s cover some of the basics of what an NFT is and the decisions you may have to make before deciding to sell one. (If you’re relatively up to speed, you can go to Step 3 to begin the journey of actually creating a token.)

Read the full article on The Verge...

Rise in API-Based Attacks Underscore Investments in New Tools
DarkReading / Fahmida Rashid

Enterprises increasingly rely on application programming interfaces (APIs), which allow applications and websites to access data from multiple sources and to incorporate new functionality from third-party platforms. While APIs help organizations expand their digital offerings, they also pose significant security risks for organizations.

Without proper security controls in place, attackers can abuse APIs and siphon off data from applications. High-profile incidents over the past year include scraping user data from the social media site Parler via an API call manipulation and using an accidentally exposed token to harvest full contact details of 50 million LinkedIn users. Improperly configured APIs led to Peloton accidentally exposing user data and Experian leaking credit scores.

Read the full article on DarkReading...

CAASM Should Be an Early Security Investment in Every CISO’s Playbook
JupiterOne / Jasmine Henry

CAASM - pronounced like chasm - is a natural evolution of security principles for asset inventory, cloud security posture management (CSPM), and other security guidelines in the market today. Unlike these predecessors, however, CAASM is tailored to highly-dynamic modern cloud workloads. It is the first answer for a world of workloads that are much more distributed, immutable, and ephemeral than yesterday’s legacy systems.

CAASM is a key early investment for security programs because it creates a paved road for security - an idea introduced by Netflix to describe creating a path of least resistance for secure habits. Adherence to the principles of CAASM can establish a secure baseline for security, DevOps, compliance, and leadership teams by creating visibility into the entire ecosystem. Context-rich visibility is the basis for data-driven decision making at all levels of the organization.

Read the full article on JupiterOne...

What cybersecurity can learn from health and wellness
betanews / Erkang Zheng

The current cyberthreat landscape can feel like a dark cloud hanging over the head of every organization, the same way Covid loomed over us for so long. But just as advances in health have offered light at the end of the tunnel for the pandemic, new approaches to cyber wellness can help us stay healthy and secure in the digital realm.

By taking proactive measures to ward off digital diseases like ransomware, and fighting off any infections that do occur through individually tailored therapies and treatments, we can go about our business with confidence, feeling and performing our best. 

Read the full article on betanews...

AWS exec: ‘Embrace more automation’ to boost cloud security
VentureBeat / Kyle Alspach

A key priority for Amazon Web Services in 2022 will be around expanding the use of automation for cybersecurity, enabling customers to increase the security of their cloud environments through “automation at scale,” an AWS executive told VentureBeat.

Given the complexity of cloud environments, AWS is doing the right thing by increasing its emphasis on automation for security, said Tyler Shields. “When you create an automated system of managing that level of complexity is when you hit the highest levels of modern cybersecurity.”

Read the full article on Venture Beat...


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.


Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).
