Accelerating innovation at AWS Security

the @awscloud #security leadership session featuring @mosescj58 is starting now… What we can learn from customers: Accelerating innovation at AWS Security #reinvent

@marknca tweeted at 01-Dec-2022, 20:32

@mosescj58 up now, rocking some killer kicks 👟 #reinvent

@marknca tweeted at 01-Dec-2022, 20:32

@mosescj58 celebrating 15 years with @awscloud 🥳🥳🥳 congrats CJ! #reinvent

@marknca tweeted at 01-Dec-2022, 20:33

“Everyday I get to learn about the problems we can solve for customers, and how we can do that”, @mosescj58 #reinvent

@marknca tweeted at 01-Dec-2022, 20:34

@mosescj58 drawing the parallels between his sport—racing—and #security - both driven by data - safety is a key factor for success #reinvent

@marknca tweeted at 01-Dec-2022, 20:34

good Bezos quote, “Customers are always wonderfully, beautifully unsatisfied.” #reinvent

@marknca tweeted at 01-Dec-2022, 20:35

more than 90% of all the things @awscloud creates is directly from customers…the other 10% was built on behalf of those customers 😉 #reinvent

@marknca tweeted at 01-Dec-2022, 20:36

@mosescj58 sharing some of his previous roles in law enforcement and the parallels in his role with @AWSSecurityInfo today both looking for one tiny indicator amid a torrent of data #reinvent

@marknca tweeted at 01-Dec-2022, 20:37

@awscloud has the scale to enable security pre-AWS @mosescj58 was working with @jeffbarr back in 2007. those conversations kicked off a ton of security work …which brought CJ to AWS #reinvent

@marknca tweeted at 01-Dec-2022, 20:39

1st challenge: isolate workloads in a data center …wow, think about that vs. what we heard in Peter DeSantis’ keynote on Monday about @awscloud Lambda function isolation #reinvent

@marknca tweeted at 01-Dec-2022, 20:40

@mosescj58 reminiscing about the scrappy startup days of @AWSSecurityInfo bean bag chairs => hand me down cube from AOL (!) in a dingy corner…working together as a small team cracking on a deeply interesting & challenging problem #reinvent

@marknca tweeted at 01-Dec-2022, 20:41

experiments lead to virtualizing the network layer. that was what provided the isolation needed #reinvent

@marknca tweeted at 01-Dec-2022, 20:42

that 👆 was the start of @awscloud VPC #reinvent

@marknca tweeted at 01-Dec-2022, 20:42

“We’ve grown a tiny bit”, @mosescj58 aims for understatement of the show #reinvent

@marknca tweeted at 01-Dec-2022, 20:43

by, the main “home” for @AWSSecurityInfo is https://aws.amazon.com/security/ …though there’s a ton of info everywhere in the service docs/whitepapers/etc. #reinvent

@marknca tweeted at 01-Dec-2022, 20:44

events seen on the @awscloud global network…. …that’s a lot of zeros #reinvent

@marknca tweeted at 01-Dec-2022, 20:44

that’s a new visual for the shared responsibility model. I think that’s much clearer than the older one w/way too many layers shown #reinvent

@marknca tweeted at 01-Dec-2022, 20:45

great reference on the shared responsibility model: https://aws.amazon.com/compliance/shared-responsibility-model/ #reinvent

@marknca tweeted at 01-Dec-2022, 20:45

“If you have access or control, you have responsibility”, @mosescj58 << great summary and ‘cheatsheet’ for the @awscloud shared responsibility model #reinvent

@marknca tweeted at 01-Dec-2022, 20:46

getting a bit of a peek behind the @AWSSecurityInfo curtain here from @mosescj58 #reinvent

@marknca tweeted at 01-Dec-2022, 20:47

more on @awscloud Shield at https://aws.amazon.com/shield/ …AWS WAF at https://aws.amazon.com/waf/ #reinvent

@marknca tweeted at 01-Dec-2022, 20:48

@AWSSecurityInfo saw more than 224M malware samples in six months! #reinvent

@marknca tweeted at 01-Dec-2022, 20:49

all of the data that @AWSSecurityInfo gathers from their perspective informs new @awscloud services and features that’s why we’re seeing so many new feature advances in things like Amazon Macie and Amazon GuardDuty #reinvent

@marknca tweeted at 01-Dec-2022, 20:49

more on @awscloud Macie at https://aws.amazon.com/macie/ …Amazon GuardDuty at https://aws.amazon.com/guardduty/ #reinvent

@marknca tweeted at 01-Dec-2022, 20:50

exposed credentials are a continuing challenge. IAM helps reduce the blast radius (good ol’ principle of least privilege) and @awscloud Security Hub helps shine a light on those issues #reinvent

@marknca tweeted at 01-Dec-2022, 20:51

@mosescj58 calls out—again, and will do again & again—how valuable MFA or multi-factor authentication is more details at https://aws.amazon.com/iam/features/mfa/ remember if you’re onsite, you can pick up a hardware MFA key…and you can always use an MFA app #reinvent

@marknca tweeted at 01-Dec-2022, 20:52

details on getting an MFA key onsite 👇 https://twitter.com/AWSSecurityInfo/status/1597263326589120514 #reinvent

@marknca tweeted at 01-Dec-2022, 20:52

get an MFA key online (with some restrictions) at https://aws.amazon.com/security/amazon-security-initiatives/free-mfa-security-key/ #reinvent

@marknca tweeted at 01-Dec-2022, 20:53

@mosescj58 moving into six 🔑 learnings for @AWSSecurityInfo: 1. educate everyone about #security 2. build a security-first culture 3. hire & develop the best #reinvent

@marknca tweeted at 01-Dec-2022, 20:55

...continuing the six 🔑 learnings... 4. shift left & automate 5. invest in a dynamic workforce 6. make security the department of “yes, and…” #reinvent

@marknca tweeted at 01-Dec-2022, 20:57

btw, @mosescj58’s voice is toast 🍞, but he’s powering through like a champ hang in there CJ! #reinvent

@marknca tweeted at 01-Dec-2022, 20:57

moving on to predictions for 2023 now... #reinvent

@marknca tweeted at 01-Dec-2022, 20:58

increasing threat continue to drive the shift to the cloud …this is a data problem. @awscloud Security Lake is designed to help remove barriers in analyzing that data and drawing insights from it #reinvent

@marknca tweeted at 01-Dec-2022, 20:59

more on @awscloud Security Lake in this blog post by @channyun…but you already knew that 😉 https://aws.amazon.com/blogs/aws/preview-amazon-security-lake-a-purpose-built-customer-owned-data-lake-service/ #reinvent

@marknca tweeted at 01-Dec-2022, 20:59

next prediction: we need more #security professionals. broaden your search net. we need more diversity and neurodiversity in our community more perspectives only make things better #reinvent

@marknca tweeted at 01-Dec-2022, 21:01

next prediction: automate everything why? there’s just too much data that needs protecting…and too much security data that needs to be processed. the only way is automation #reinvent

@marknca tweeted at 01-Dec-2022, 21:01

the new automated data discovery from Amazon Macie aims to help with this session SEC209, “Continuous innovation in AWS threat detection & monitoring services” covers this in more depth (on the @AWSEvents YouTube channel soon) #reinvent

@marknca tweeted at 01-Dec-2022, 21:02

the blog post on Macie is up at https://aws.amazon.com/blogs/aws/automated-data-discovery-for-amazon-macie/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:03

another feature that helps here is external key store (XKS) for @awscloud KMS (key management system) blog post on that is available at https://aws.amazon.com/blogs/aws/announcing-aws-kms-external-key-store-xks/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:04

s/service/system/👆 #reinvent

@marknca tweeted at 01-Dec-2022, 21:05

more on @awscloud KMS at https://aws.amazon.com/kms/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:05

this one is massive. @awscloud Verified Permissions blog post: https://aws.amazon.com/blogs/security/get-the-best-out-of-amazon-verified-permissions-by-using-fine-grained-authorization-methods/ product page: https://aws.amazon.com/verified-permissions/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:06

another @AWSSecurityInfo IAM feature: multiple MFA devices for root users and IAM users blog at https://aws.amazon.com/blogs/security/you-can-now-assign-multiple-mfa-devices-in-iam/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:07

btw, Verified Permissions is part of the broader “provable security” initiative from @AWSSecurityInfo tons of great features/services have come from this push program page is up at https://aws.amazon.com/security/provable-security/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:08

@mosescj58 diving into some post-quantum cryptography details. lots of work going on here in the community blog post: https://aws.amazon.com/about-aws/whats-new/2022/03/aws-kms-acm-support-latest-hybrid-post-quantum-tls-ciphers/ #reinvent

@marknca tweeted at 01-Dec-2022, 21:09

@mosescj58 takes a quick pause as we get a video to intro @united #reinvent

@marknca tweeted at 01-Dec-2022, 21:10

now to a fireside chat between @mosescj58 and @deneendefiore, CISO @united #reinvent

@marknca tweeted at 01-Dec-2022, 21:11

@deneendefiore is speaking to the resiliency challenges with technology. every traveller interaction @united crosses a lot of different systems, #security and resiliency are critical at each stage #reinvent

@marknca tweeted at 01-Dec-2022, 21:12

on automation, @deneendefiore talks about leveraging @AWSSecurityInfo services and automating their own systems to ensure that builders @united are starting from strong, secure-by-default positions #reinvent

@marknca tweeted at 01-Dec-2022, 21:13

@deneendefiore @AWSSecurityInfo @united on culture: @deneendefiore points out that aviation is already a safety aware culture. it’s an “easy” bridge to #security …when compared to other verticals that common understanding makes collaboration a lot easier if you don’t have it, you can build that culture #reinvent

@marknca tweeted at 01-Dec-2022, 21:15

another great call out that everyone can use: find the cultural points in your organization that are already there. use those as #security entry points @deneendefiore & @united use regular safety briefings that are already in place ❤️👆 #reinvent

@marknca tweeted at 01-Dec-2022, 21:16

@deneendefiore @united @mosescj58 calls out @awscloud's approach with #security learning/education check out and use their solution at https://t.co/TNoUHSzX8i #reinvent

@marknca tweeted at 01-Dec-2022, 21:18

@deneendefiore @united @mosescj58 @awscloud @deneendefiore's focus for 2023: - be brilliant at the basics - advance capabilities as your environment changes (tech/biz/regulatory/etc.) - enable the business! #reinvent

@marknca tweeted at 01-Dec-2022, 21:21

@deneendefiore @united @mosescj58 @awscloud on to the challenges around recruiting, developing, and maintaining #security talent... #reinvent

@marknca tweeted at 01-Dec-2022, 21:24

@deneendefiore is a great example of a lot of #security career path...from anywhere. there's no one path to get into security if you're hiring, understand that. yes, it's more work, but so, so worth it #reinvent

@marknca tweeted at 01-Dec-2022, 21:25

@deneendefiore key point from @mosescj58: you can hire a diverse set of ppl, but if you don't have a culture of inclusion...they aren't going to stay or succeed! #reinvent

@marknca tweeted at 01-Dec-2022, 21:27

@deneendefiore @mosescj58 ...and that's a wrap from the #security leadership session by @mosescj58 at #reinvent 2022! hopefully, he's now off to get some tea 🍵 for his voice

@marknca tweeted at 01-Dec-2022, 21:28

👆 Start