Prove you are not human -- Take the ACME Challenge
Automating internet security with the Let’s Encrypt certificate authority has led to the massive acceleration of safe web browsing. As we roll out ACME protocol support and give away some free hoodies, we want to thank Let’s Encrypt and the IETF for making it all possible.
Trust Anchors In Modern Systems; Don’t Overlook The Bottom Turtle
This issue is a discussion about the trust anchor and dependencies of systems. While a clever turtle reference often satisfies the room, getting a real answer to this question is fundamental to modern security practices.
Great Minds Really Do Think Alike! No really, they do!
I found an inarguable topic in the most unlikely of places, deep in the conversations between cyber-security experts. The third edition of the Modern Security for Leaders series.
Traffic, Bridge Tolls, and Secure Browsing - How Automation Secures The Internet
In this post, we will explore how successful public internet practices provide a set of instructions for how the industry should be thinking about securing internal systems. The second edition of the Modern Security for Leaders series.
Instincts, Fast Cars, and Modern Security - Why I Joined smallstep
smallstep’s vision is centered on modernizing security practices using the best available technology to solve security challenges. Now you’re probably saying (as I was at this point), there are hundreds of companies out there spending billions of dollars on modernizing practices. How much market is really left for a scrappy startup? Turns out a lot!
The case for using TLS everywhere

By: Mike Malone

This post has a simple purpose: to persuade you to use TLS everywhere. By everywhere, I mean everywhere. Not just for the public internet, but for every internal service-to-service request. Not just between clouds or regions. Everywhere. Even inside production perimeters like VPCs. I suspect this will elicit a range of reactions from apathy to animosity. Regardless, read on.
Step: A New Zero Trust Swiss Army Knife from Smallstep
A better security model exists. Instead of relying on IP and MAC addresses to determine access, we can cryptographically authenticate the identity of people and software making requests. It’s a simple concept, really: what matters is who or what is making a request, not where a request comes from. In short, access should be based on production identity.