Stephen Schmidt's Security Leadership Session at AWS re:Invent 2021

The leadership session at AWS re:Invent provide a deeper dive into a specific area of focus. Stephen Schmidt, CISO at AWS takes the stage to talk all things security.

I missed the first 10 minutes of the session and will update this post when I watch it on demand.

The First 10 Minutes

THe session is now available on demand so I was able to watch the first ten minutes. Here are my takeaways as a list, instead of a tweet storm;

• “If we wanted continuous improvement, we need to lower the friction of security”, Stephen Schmidt
• “If a process is inefficient or overly taxing, people will just work around. We’ve got to make security as easy choice.”, Stephen Schmidt
• “Getting start is simple, and you start seeing value quickly…” This was mentioned in relation to making security easier to use. 100% spot on
• Guard Duty has added a bunch of great Amazon S3 findings
• AWS Security Hub now allows you to designate an “aggregation region.” This makes using AWS Security Hub so much easier
• Amazon Detective uses a bunch of techniques (machine learning, statistical analysis, and graph theory) to help accelerate your security investigations
• AWS’s security strategy is to remain focused on tangible ways to make customers safer
• “We need to train people on security best practices in a manner that’s engaging”, Stephen Schmidt. He segues this into highlight the newly released & free security awareness training
• The launch of Incident Manager from AWS Systems Manager was highlighted. Lots to love in this feature set
• Focus on making the service better through collaboration with builders. That’s critical for better security outcomes. “Let’s makes security a great experience for developers”, Stephen Schmidt

Live Tweets

This 👇 is the Twitter thread of my coverage of the keynote…

Tweet 1/44 👇 Next tweet

Tweet 2/44 👇 Next tweet 👆 Start

Sarah from @AWSIdentity up now… #reinvent

@marknca tweeted at 02-Dec-2021, 21:17

Tweet 3/44 👇 Next tweet 👆 Start

“MFA is the best way to secure your work as you build”, Sarah from @AWSIdentity with a Yubikey on her earrings! 👇 her plates… #reinvent

@marknca tweeted at 02-Dec-2021, 21:19

Tweet 4/44 👇 Next tweet 👆 Start

Tweet 5/44 👇 Next tweet 👆 Start

“All workloads on @awscloud should be multi-account, that’s how we’ve designed @AWSIdentity” #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:20

Tweet 6/44 👇 Next tweet 👆 Start

Tweet 7/44 👇 Next tweet 👆 Start

#reinvent

@marknca tweeted at 02-Dec-2021, 21:20

Tweet 8/44 👇 Next tweet 👆 Start

Tweet 9/44 👇 Next tweet 👆 Start

Tweet 10/44 👇 Next tweet 👆 Start

Sarah covering some @AWSIdentity recent releases. top of the list: IAM Access Analyzer more at https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:23

Tweet 11/44 👇 Next tweet 👆 Start

Tweet 12/44 👇 Next tweet 👆 Start

Tweet 13/44 👇 Next tweet 👆 Start

Tweet 14/44 👇 Next tweet 👆 Start

Tweet 15/44 👇 Next tweet 👆 Start

. @StephenSchmidt back up to switch gears…updates! #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:26

Tweet 16/44 👇 Next tweet 👆 Start

162 checks now in @awscloud Security Hub! + VPC endpoint support (https://docs.aws.amazon.com/securityhub/latest/userguide/security-vpc-endpoints.html) #reinvent

@marknca tweeted at 02-Dec-2021, 21:27

Tweet 17/44 👇 Next tweet 👆 Start

Amazon Detective got support S3 and DNS finding types more at https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-detective-s3-dns/ #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:28

Tweet 18/44 👇 Next tweet 👆 Start

. @awscloud Shield automatically does application layer DDoS mitigation more: https://aws.amazon.com/about-aws/whats-new/2021/12/aws-shield-advanced-application-layer-ddos-mitigation/ #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:29

Tweet 19/44 👇 Next tweet 👆 Start

Tweet 20/44 👇 Next tweet 👆 Start

Tweet 21/44 👇 Next tweet 👆 Start

simple win: update the alternative security contact for your accounts. you can do this via Orgs and the CLI now more on that at https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/ #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:31

Tweet 22/44 👇 Next tweet 👆 Start

“Consider the Security Pillar of the AWS Well-Architected Framework” << …and the rest of the framework! there’s a ton of amazing stuff in there that contributes to security more https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:32

Tweet 23/44 👇 Next tweet 👆 Start

Thomas Avant coming up now to talk about security culture at @awscloud #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:33

Tweet 24/44 👇 Next tweet 👆 Start

Tweet 25/44 👇 Next tweet 👆 Start

they regularly remind employees about the importance of #security to the work their doing #reinvent

@marknca tweeted at 02-Dec-2021, 21:35

Tweet 26/44 👇 Next tweet 👆 Start

Tweet 27/44 👇 Next tweet 👆 Start

“@StephenSchmidt himself gets page if it comes to that…it’s not fun, I’ve seen it”, Thomas Avant #reinvent #infosec

@marknca tweeted at 02-Dec-2021, 21:37

Tweet 28/44 👇 Next tweet 👆 Start

“We’ve got all the runbooks you would expect @awscloud but we’re also heavily reliant on employees making the best decisions possible” #reinvent #infosec

@marknca tweeted at 02-Dec-2021, 21:38

Tweet 29/44 👇 Next tweet 👆 Start

Tweet 30/44 👇 Next tweet 👆 Start

#reinvent

@marknca tweeted at 02-Dec-2021, 21:38

Tweet 31/44 👇 Next tweet 👆 Start

Tweet 32/44 👇 Next tweet 👆 Start

#reinvent

@marknca tweeted at 02-Dec-2021, 21:40

Tweet 33/44 👇 Next tweet 👆 Start

. @StephenSchmidt back up to talk about what sets @awscloud apart from the #security angle #reinvent

@marknca tweeted at 02-Dec-2021, 21:41

Tweet 34/44 👇 Next tweet 👆 Start

first up: containers & code #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:41

Tweet 35/44 👇 Next tweet 👆 Start

Tweet 36/44 👇 Next tweet 👆 Start

more on Amazon CodeGuru at https://aws.amazon.com/codeguru/ #reinvent #infosec

@marknca tweeted at 02-Dec-2021, 21:42

Tweet 37/44 👇 Next tweet 👆 Start

there’s now a nice integration with Amazon CodeGuru + @awscloud Secrets Manager. more on that at https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-codeguru-reviewer-hardcoded-secrets-java-python/ #reinvent #infosec

@marknca tweeted at 02-Dec-2021, 21:43

Tweet 38/44 👇 Next tweet 👆 Start

. @awscloud GuardDuty support for #k8s audit logs coming in early 2022! #reinvent

@marknca tweeted at 02-Dec-2021, 21:45

Tweet 39/44 👇 Next tweet 👆 Start

broader container support coming to other @AWSSecurityInfo services too. no firm ETA but it’s being worked on… #reinvent #infosec

@marknca tweeted at 02-Dec-2021, 21:46

Tweet 40/44 👇 Next tweet 👆 Start

#reinvent

@marknca tweeted at 02-Dec-2021, 21:46

Tweet 41/44 👇 Next tweet 👆 Start

I remember when these slides were just a couple of names. nice to see the expansion of the #security partner community around @awscloud #reinvent

@marknca tweeted at 02-Dec-2021, 21:49

Tweet 42/44 👇 Next tweet 👆 Start

. @awscloud re:Inforce 2022 dates announced! 28 & 29-Jun-2022 in Houston, TX #reinvent #infosec

@marknca tweeted at 02-Dec-2021, 21:50

Tweet 43/44 👇 Next tweet 👆 Start

closing quote from @StephenSchmidt. this was a great leadership session (as expected), can’t wait to catch the first 10m on replay #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:51

Tweet 44/44 👇 Next tweet 👆 Start

. @StephenSchmidt even gets in the “Please complete the session survey” plug at the end! 🤣 /🧵 #reinvent #security

@marknca tweeted at 02-Dec-2021, 21:51

👆 Start