Security Cloud Privacy Tech
Stephen Schmidt's Security Leadership Session at AWS re:Invent 2021

Stephen Schmidt's Security Leadership Session at AWS re:Invent 2021

7 minute read | Last updated 2-Dec-2021 | An icon depicting a retail tag with a heart for 'favourite' AWSCloudAWS re:InventSecurity

The leadership session at AWS re:Invent provide a deeper dive into a specific area of focus. Stephen Schmidt, CISO at AWS takes the stage to talk all things security.

I missed the first 10 minutes of the session and will update this post when I watch it on demand.

The First 10 Minutes

THe session is now available on demand so I was able to watch the first ten minutes. Here are my takeaways as a list, instead of a tweet storm;

Live Tweets

This πŸ‘‡ is the Twitter thread of my coverage of the keynote…

Tweet 1/44 πŸ‘‡ Next tweet

...ahhh, jumping in late to this one

#reinvent https://twitter.com/66780587/status/1466510060784394253

marknca@marknca tweeted at 02-Dec-2021, 21:15

Tweet 2/44 πŸ‘‡ Next tweet πŸ‘† Start

Sarah from @AWSIdentity up now…

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:17

Tweet 3/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œMFA is the best way to secure your work as you build”, Sarah from @AWSIdentity with a Yubikey on her earrings!

πŸ‘‡ her plates…

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:19

Tweet 4/44 πŸ‘‡ Next tweet πŸ‘† Start

ok, now I want a Yubikey on my earrings too. Sarah recommended this one, the 5c nano: https://www.yubico.com/ca/product/yubikey-5c-nano/

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:19

Tweet 5/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œAll workloads on @awscloud should be multi-account, that’s how we’ve designed @AWSIdentity”

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:20

Tweet 6/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œIf you are a human, you should be logging into @awscloud through SSO”, Sarah from @AWSIdentity

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:20

Tweet 7/44 πŸ‘‡ Next tweet πŸ‘† Start

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:20

Tweet 8/44 πŸ‘‡ Next tweet πŸ‘† Start

more on @AWSIdentity SSO at https://aws.amazon.com/single-sign-on/

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:21

Tweet 9/44 πŸ‘‡ Next tweet πŸ‘† Start

the β€œdata perimeter” idea is all about protecting your solutions from all angles

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:21

Tweet 10/44 πŸ‘‡ Next tweet πŸ‘† Start

Sarah covering some @AWSIdentity recent releases. top of the list: IAM Access Analyzer

more at https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:23

Tweet 11/44 πŸ‘‡ Next tweet πŸ‘† Start

…there is also Network Access Analyzer

more on that new release at https://aws.amazon.com/blogs/aws/new-amazon-vpc-network-access-analyzer/

#reinvent #securtiy

marknca@marknca tweeted at 02-Dec-2021, 21:23

Tweet 12/44 πŸ‘‡ Next tweet πŸ‘† Start

another one in the list, Access Analyzer policy validation

more on that at https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:24

Tweet 13/44 πŸ‘‡ Next tweet πŸ‘† Start

Sarah also calls out the IAM Access Analyzer policy generation feature released by @AWSIdentity a little while back

more at https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:25

Tweet 14/44 πŸ‘‡ Next tweet πŸ‘† Start

πŸ‘† great list. everyone should be using these tools regularly

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:25

Tweet 15/44 πŸ‘‡ Next tweet πŸ‘† Start

. @StephenSchmidt back up to switch gears…updates!

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:26

Tweet 16/44 πŸ‘‡ Next tweet πŸ‘† Start

162 checks now in @awscloud Security Hub!

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:27

Tweet 17/44 πŸ‘‡ Next tweet πŸ‘† Start

Amazon Detective got support S3 and DNS finding types

more at https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-detective-s3-dns/

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:28

Tweet 18/44 πŸ‘‡ Next tweet πŸ‘† Start

. @awscloud Shield automatically does application layer DDoS mitigation

more: https://aws.amazon.com/about-aws/whats-new/2021/12/aws-shield-advanced-application-layer-ddos-mitigation/

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:29

Tweet 19/44 πŸ‘‡ Next tweet πŸ‘† Start

Amazon Inspector got a big update. I covered that at https://markn.ca/2021/first-look-at-the-brand-new-amazon-inspector/

lots of great stuff in this complete revamp

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:29

Tweet 20/44 πŸ‘‡ Next tweet πŸ‘† Start

there is a dedicated session on site for Amazon Inspector. will be on demand in a few days

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:30

Tweet 21/44 πŸ‘‡ Next tweet πŸ‘† Start

simple win: update the alternative security contact for your accounts. you can do this via Orgs and the CLI now

more on that at https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:31

Tweet 22/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œConsider the Security Pillar of the AWS Well-Architected Framework” << …and the rest of the framework! there’s a ton of amazing stuff in there that contributes to security

more https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:32

Tweet 23/44 πŸ‘‡ Next tweet πŸ‘† Start

Thomas Avant coming up now to talk about security culture at @awscloud

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:33

Tweet 24/44 πŸ‘‡ Next tweet πŸ‘† Start

here’s another great talk about @awscloud #security culture from re:Inforce 2021: https://www.youtube.com/watch?v=edWC5q-enX0&feature=youtu.be

be sure to bookmark this one πŸ‘‡ and watch it later

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:35

Tweet 25/44 πŸ‘‡ Next tweet πŸ‘† Start

they regularly remind employees about the importance of #security to the work their doing

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:35

Tweet 26/44 πŸ‘‡ Next tweet πŸ‘† Start

πŸ”‘ @awscloud is always looking for ways to empower everyone to be a part of the #security team

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:36

Tweet 27/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œ@StephenSchmidt himself gets page if it comes to that…it’s not fun, I’ve seen it”, Thomas Avant

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:37

Tweet 28/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œWe’ve got all the runbooks you would expect @awscloud but we’re also heavily reliant on employees making the best decisions possible”

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:38

Tweet 29/44 πŸ‘‡ Next tweet πŸ‘† Start

πŸ‘† that only works because they’ve built up that #security culture. it’s hard work but well worth it

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:38

Tweet 30/44 πŸ‘‡ Next tweet πŸ‘† Start

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:38

Tweet 31/44 πŸ‘‡ Next tweet πŸ‘† Start

I ❀️ how many times I’ve heard β€œbuilders” in this #security session

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:40

Tweet 32/44 πŸ‘‡ Next tweet πŸ‘† Start

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:40

Tweet 33/44 πŸ‘‡ Next tweet πŸ‘† Start

. @StephenSchmidt back up to talk about what sets @awscloud apart from the #security angle

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:41

Tweet 34/44 πŸ‘‡ Next tweet πŸ‘† Start

first up: containers & code

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:41

Tweet 35/44 πŸ‘‡ Next tweet πŸ‘† Start

β€œContaining risk through isolation”, pun NOT pardoned @StephenSchmidt πŸ€£πŸ˜‰

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:42

Tweet 36/44 πŸ‘‡ Next tweet πŸ‘† Start

more on Amazon CodeGuru at https://aws.amazon.com/codeguru/

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:42

Tweet 37/44 πŸ‘‡ Next tweet πŸ‘† Start

there’s now a nice integration with Amazon CodeGuru + @awscloud Secrets Manager. more on that at https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-codeguru-reviewer-hardcoded-secrets-java-python/

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:43

Tweet 38/44 πŸ‘‡ Next tweet πŸ‘† Start

. @awscloud GuardDuty support for #k8s audit logs coming in early 2022!

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:45

Tweet 39/44 πŸ‘‡ Next tweet πŸ‘† Start

broader container support coming to other @AWSSecurityInfo services too. no firm ETA but it’s being worked on…

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:46

Tweet 40/44 πŸ‘‡ Next tweet πŸ‘† Start

#reinvent

marknca@marknca tweeted at 02-Dec-2021, 21:46

Tweet 41/44 πŸ‘‡ Next tweet πŸ‘† Start

I remember when these slides were just a couple of names. nice to see the expansion of the #security partner community around @awscloud

#reinvent


marknca@marknca tweeted at 02-Dec-2021, 21:49

Tweet 42/44 πŸ‘‡ Next tweet πŸ‘† Start

. @awscloud re:Inforce 2022 dates announced! 28 & 29-Jun-2022 in Houston, TX

#reinvent #infosec

marknca@marknca tweeted at 02-Dec-2021, 21:50

Tweet 43/44 πŸ‘‡ Next tweet πŸ‘† Start

closing quote from @StephenSchmidt. this was a great leadership session (as expected), can’t wait to catch the first 10m on replay

#reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:51

Tweet 44/44 πŸ‘‡ Next tweet πŸ‘† Start

. @StephenSchmidt even gets in the β€œPlease complete the session survey” plug at the end! 🀣

/🧡 #reinvent #security

marknca@marknca tweeted at 02-Dec-2021, 21:51

πŸ‘† Start

More Content

Prev: Werner Vogel's Keynote at AWS re:Invent 2021

Next: What AWS re:Invent 2021 Means For The Future of Cloud Computing

Back to top

Related Content