AWS Public Sector Summit // Automated, Scalable, Pragmatic Security in the AWS Cloud
Security in the AWS Cloud is integrated into all aspects of your workloads. Security is a core pillar of the Well-Architected Framework, and teams that take advantage of modern building techniques will deploy resilient workloads by default. In this session, learn how security works in the AWS Cloud, the role played by AWS security services, how AWS Partner Network partners fit into the picture, and how existing public sector frameworks function when adapted to modern building techniques.
AWS Summit // Automating Your Security Fabric: Connecting AWS Services
AWS offers a number of security-focused services. In isolation, each solves a very specific challenge. Connect these services together and you have the foundations of a strong, automated, modern approach to security. This talk will help you make sense of the AWS security services and look at how you can combine them together to solve common security challenges with your workloads.
I also gave this talk at the AWS Summit in New York, Chicago, and Anaheim.
Serverlessconf // Calling [email protected]*! On Security: A Cultural Challenge
Serverless designs open up a new way of building and a new way of doing business. Cybersecurity teams seem dead set on making sure that doesn’t happen. There is a ton of FUD–fear, uncertainty, and doubt–when it comes to how to approach the security of serverless applications. Why?
In this talk, we’ll examine the culture around this viewpoint and see how it aligns with the principles of modern cybersecurity. Is there a better way forward? How can you bridge the gap between perception and reality?
Gartner // Security in a DevOps World
Organizations are adopting DevOps to seize market opportunities ahead of the competition. Building information security into this new development pattern is challenging. With real world examples, this session will help you to:
- Understand the quality and security shortcomings of existing DevOps processes
- Learn how to overcome resistance to integrating security into DevOps
- Identify tools to build security into every phase of the DevOps pipeline
This talk was also delivered at the Gartner Security & Risk Management Summit in London, UK on Monday, 10-Sep.
AtlSecCon // The Paradox of Cybersecurity in Operational Technologies
IoT has moved beyond kettles, thermostats, and doorbells. Operational technologies (otherwise known as IIoT) like tractors, factories, healthcare devices, and even robots are helping to enable the fourth industrial revolution.
Companies that embrace these changes will lead the charge. Those that don’t will fall behind. These technologies lead to exciting new designs, leveraging the latest and greatest buzzword-laden offerings. Build on a clean slate, and you can drive strong security concepts into every layer of the system.
Unfortunately, these designs don’t get implemented in the real world. The real world of operational technology is messy. It’s dealing with years and years of technology decisions made with wildly different threat models. It’s trying to match technologies built with 20-year lifespans with defences that need to be updated minute-by-minute.
In this talk, we’ll examine the reality of operational technology deployments. How do we match modern cybersecurity practices with decades-old technologies and regulations? Can we? You’ll come away with a better appreciation of the challenges involved in securing operational technologies.
More info about this talk is available in this post.
SXSW // Rogue Robots and the Potential for Cyberattack
Most people think that robots are either limited to lab experiments or to humanoid robots ready to start an uprising against the humans. Movies, TV, and sci-fi have shaped how we think of robots.
The reality is starkly different and more advanced than you think. In this talk, we examine the current state of industrial robots and the cybersecurity challenges they face.
AWS re:Invent 2017 // Securing Serverless Applications Step-by-step
Serverless applications let you focus on solving the problem at hand. Gone are most of the worries of traditional solutions. No more support code. No more building out infrastructure to deliver your application. This means you have to do less and get more in return. It also means traditional approaches to security aren’t even possible.
This talk tackles the specific steps you need to take to build security into the fabric of these applications within the AWS Cloud.
ServerlessConf NYC // The State of Serverless Security
Serverless designs are changing the way we write applications, removing most of the burden of operations and allowing a focus purely on the solution at hand. Unfortunately, at the same time, these designs have also challenged the fundamentals of cybersecurity. When you control none of the infrastructure and have minimal access to the code running your solution, how can you apply security controls?
In this keynote, we looked at this question and more.
Other talks in 2017
A CISO’s Journey at Vonage: Achieving Unified Security at Scale
AWS re:Invent 2017
Building On A Strong Foundation
AWS Transformation Day
Is Your Security Team Setup To Fail?
Automating Event Driven Security in the AWS Cloud
AWS Summit Sydney
Securing Serverless Applications in the Cloud
Security Teams & Tech In A Cloud World
BC Aware Day