Castlerock is a cloud operations and security firm. We help our clients store, secure, and optimize their data and web systems in the cloud. In a technology-ubiquitous world, what we do at Castlerock is a necessity. Our clients’ engineers can focus on their strengths – writing software – and leave decisions about security to the experts at Castlerock. When it comes to web systems, we absolutely love to identify issues and provide the simplest, cost-effective, and customized solutions for (what may seem like) complex problems. Whether you want to build a brand new systems or databases, modernize existing systems or databases, or swiftly improve your systems security, Castlerock is here to help. The Castlerock team prides ourselves on bringing humanity into the world of cloud operations and security. We start by discovering what your engineers have built or intend to build and then partner with you to advise on how to make the software solution automated, secure, and sustainable for the long-haul. And, of course, we implement our recommendations.
External link for Castlerock
Charlottesville, VA, US
This was a challenging project with excellent results. We can't wait to take it to the next level.
The Castlerock team recently finished migrating a client from EC2 to ECS. We share our process, lessons learned, and pleasantly surprising results in our latest blog post. Check it out: https://lnkd.in/g75jEzp8 #ecs #docker #pick3 #castlerockcs
The Castlerock team recently finished migrating a client from EC2 to ECS. We share our process, lessons learned, and pleasantly surprising results in our latest blog post. Check it out: https://lnkd.in/g75jEzp8 #ecs #docker #pick3 #castlerockcs
ICYMI: This summer, Castlerock joined the Amazon Partner Network (APN) as a Select Tier Service Provider. 👏 Joining the APN demonstrates our team's capabilities to deliver secure, scalable, and compliant cloud service solutions using AWS cloud services. As an APN member, Castlerock joins a global network of 130,000 partners from more than 200 countries that leverage AWS technologies, programs, expertise, and tools to build solutions and services for customers. ********** WE ARE NOW BOOKING PROJECTS FOR 2025! ********** We'd love to work with you if your company needs support with: 🎯 Meeting compliance goals such as SOC2, PCI, or HIPAA 📒 Reviewing cloud services infrastructure security and architecture 💵 Reviewing cloud services operational spending 🗺️ Building out an infrastructure roadmap ➡️ Migrating to/from a cloud service provider 💻 Modernizing applications 🪈 Building or optimizing build/deploy pipelines 🗄️ Creating secure database management/access practices ☠️ Evaluating risk from out-of-date/end-of-life software Contact us via DM or at https://castlerockcs.com/. #informationsecurity #cybersecurity #castlerockcs #amazonwebservices #aws
This summer, you may have seen news headlines about CDK Global, a software firm that serves car dealerships, coming under a cyberattack. The company had to pay tens of millions of dollars in ransom to the hackers - a penalty most businesses could never survive. Unfortunately, ransomware is prevalent, and all organizations that operate on technology (which, in 2024, are seemingly all of us) can be at risk. Our latest blog outlines 5 things your business can do to mitigate your risk of falling victim to ransomware. https://lnkd.in/gen3Zdv3 #informationsecurity #cybersecurity #ransomware #castlerockcs
We've made it our job at Castlerock to learn what software updates are coming down the pike and when. Founder Dan Goldberg's clients rely on him to flag updates well ahead of time before their software is out-of-date or obsolete. We have our eyes on a slew of updates that are scheduled for November and December. Do you have a plan to get ahead of the updates - to ensure your technology is up-to-date, running smoothly, and securely? DM us if you need support. (Note: Dotnet 6 on AWS Lambda has a couple of additional months before the runtime is removed from the modify/new function list, in February 2025) #informationsecurity #cybersecurity #cloud #PostgreSQL #PHP #Dotnet #MagentoOpenSource #castlerockcs
Castlerock reposted this
We love Tom Liston's post about website security and couldn't agree more. Your organization’s reputation and long-term success depend on, in part, your ability to protect data assets and stay out of harm's way. Your web-based applications are mission-critical, and with ever-evolving technology, these systems can become outdated or vulnerable to security breaches at any time. There is nothing wrong with admitting you don't know something or need help! That's why we encourage technology teams to focus on writing software, which is what they do best, and let us manage cloud operations and security. It's simply good teamwork and an incredibly important partnership that best protects your business. #informationsecurity #cybersecurity #castlerockcs
Expert in Cyber Security, Risk Mitigation, Technology Innovation, Development, and Security Education | Seeking Corporate Board Opportunities | Retired - Serving in an advisory capacity at Counter Hack Challenges, LLC.
I've been asked several times over my career, "What is the biggest security threat to small- to medium-sized businesses?" Rather than choosing a standard answer like phishing or ransomware, I'll say something completely different: people who think they know more than they do. I've run into that several times lately. As many of you know, I use some Google-fu each week to find compromised websites and try to contact the organizations to let them know so the owners can clean up their sites. Recently, I tried contacting the owners of a compromised website through LinkedIn. After sending them several messages, they finally responded that they had "run numerous cybersecurity scans and found no threats." I replied with a list of multiple URLs, leading to pages attackers added to their site. All the pages added to their site suddenly disappeared, and I heard nothing else back. Today, after exhausting multiple methods of contacting a different organization, I finally decided to give them a call. I don't particularly enjoy calling people because it rarely ends well, but I was determined to get through to them. I spoke to the receptionist and asked to speak with someone in charge of their website. She transferred me to a gentleman, and I explained that I was a security researcher who had noticed their site was compromised while investigating other hacked sites. He immediately got defensive. I explained that attackers had added pages to their site advertising questionable things. "Like what?" he asked. I explained that the added pages advertised techniques for viewing private Instagram profiles, among other things. I asked him if he could look at something in a web browser, preparing to give him a Google search string. He explained that he was "looking at the site right now" and saw nothing wrong. I explained that the attack was different from what he would see on the main site because attackers had added unlinked pages. Then he hung up. If you think you understand more about website security than you do, you'll likely miss many things, like the fact that most website hacks aren't easily visible. In this case, the attackers wanted these new pages to hang around as long as possible to get the SEO bump associated with having links on a popular web page. Of course, they won't make it easy to spot the hack! If you work in a small- to medium-sized business, you have so much on your plate that you can't be an expert in everything. If someone contacts your company and tells you someone has hacked your organization, listen. Be skeptical—I would never say otherwise, but please listen. You might find out something important. You might find out that someone has hacked your website.
We love Tom Liston's post about website security and couldn't agree more. Your organization’s reputation and long-term success depend on, in part, your ability to protect data assets and stay out of harm's way. Your web-based applications are mission-critical, and with ever-evolving technology, these systems can become outdated or vulnerable to security breaches at any time. There is nothing wrong with admitting you don't know something or need help! That's why we encourage technology teams to focus on writing software, which is what they do best, and let us manage cloud operations and security. It's simply good teamwork and an incredibly important partnership that best protects your business. #informationsecurity #cybersecurity #castlerockcs
Expert in Cyber Security, Risk Mitigation, Technology Innovation, Development, and Security Education | Seeking Corporate Board Opportunities | Retired - Serving in an advisory capacity at Counter Hack Challenges, LLC.
I've been asked several times over my career, "What is the biggest security threat to small- to medium-sized businesses?" Rather than choosing a standard answer like phishing or ransomware, I'll say something completely different: people who think they know more than they do. I've run into that several times lately. As many of you know, I use some Google-fu each week to find compromised websites and try to contact the organizations to let them know so the owners can clean up their sites. Recently, I tried contacting the owners of a compromised website through LinkedIn. After sending them several messages, they finally responded that they had "run numerous cybersecurity scans and found no threats." I replied with a list of multiple URLs, leading to pages attackers added to their site. All the pages added to their site suddenly disappeared, and I heard nothing else back. Today, after exhausting multiple methods of contacting a different organization, I finally decided to give them a call. I don't particularly enjoy calling people because it rarely ends well, but I was determined to get through to them. I spoke to the receptionist and asked to speak with someone in charge of their website. She transferred me to a gentleman, and I explained that I was a security researcher who had noticed their site was compromised while investigating other hacked sites. He immediately got defensive. I explained that attackers had added pages to their site advertising questionable things. "Like what?" he asked. I explained that the added pages advertised techniques for viewing private Instagram profiles, among other things. I asked him if he could look at something in a web browser, preparing to give him a Google search string. He explained that he was "looking at the site right now" and saw nothing wrong. I explained that the attack was different from what he would see on the main site because attackers had added unlinked pages. Then he hung up. If you think you understand more about website security than you do, you'll likely miss many things, like the fact that most website hacks aren't easily visible. In this case, the attackers wanted these new pages to hang around as long as possible to get the SEO bump associated with having links on a popular web page. Of course, they won't make it easy to spot the hack! If you work in a small- to medium-sized business, you have so much on your plate that you can't be an expert in everything. If someone contacts your company and tells you someone has hacked your organization, listen. Be skeptical—I would never say otherwise, but please listen. You might find out something important. You might find out that someone has hacked your website.
October 18 - 19 marks a favorite time of year for the Castlerock team! That's when we'll be at - and are proud sponsors of - beCamp! It's a tech event that takes place in our company's hometown of Charlottesville, Virginia. beCamp is homegrown "unconference" that provides so many opportunities for learning, connection, community building, and inspiration. Castlerock Cloud Consultant Todd Gerdy will be the emcee this year. Back by popular demand, attendees determine what the event will cover - they'll pitch discussion topics Friday evening to create Saturday's agenda! One of the best parts? Because of sponsorships, it's free to attend. You can do so here: https://be.camp/ Let us know if you plan to join! We'd love to connect with you in person on either day, and hope, in particular that you'll be there Saturday evening for the afterparty, which is what our sponsorship is going to this year! #castlerockcs #community #connection #becamp
Check out how Castlerock co-founder Dan Goldberg works across AWS environments. Spoiler alert: Zsh helps! https://lnkd.in/gjyy2D8C #aws #amazonwebservices #awscloud #cloud #castlerockcs
Lifelong mentor, learner, and Castlerock cloud consultant Riley L. was thrilled to stumble on Connection Strings, an easy reference and website where developers help each find solutions in connecting software to data. He loves the tips for database schema and more. Check it out: https://lnkd.in/dVajzQem #db #database #connection #connectionstrings #castlerockcs