Aaron Bedra

Security should always be built with an understanding of who might be attacking and how capable they are. Typical threat modeling exercises are done with a static group of threat actors applied in “best guess” scenarios. While this is helpful in the beginning, the real data eventually tells the accurate story. The truth is that your threat landscape is constantly shifting and your threat model should dynamically adapt to it. This adaptation allows teams to continuously examine controls and ensure they are adequate to counter the current threat actors. It helps create a quantitative risk driven approach to security and should be a part of every security teams tools.

Join Aaron as he demonstrates how to look at web traffic to analyze the threat landscape and turn request logs into data that identifies threat actors by intent and categorizes them in a way that can be fed directly into quantitative risk analysis. Aaron will show how important this data is in driving risk analysis and creating an effective and appropriate security program.

Are you using or moving to AWS? Have you considered how you organize and secure your AWS environments? The growing push to cloud providers has allowed us to move faster and tackle problems more efficiently. The same freedoms that have allowed us to move faster have also created scenarios where security issues are exposed by accident and/or without proper management and review. As companies move toward more and more cloud usage, teams are pushed harder to ensure the same compliance and security requirements that exist in slower moving private environments. This has the potential to put us right back where we came from.

Join Aaron as he talks through the most critical security decisions you can make for you AWS environments. He will identify issues and solutions in an automation friendly fashion that aim to fit seamlessly into the development and deployment lifecycle. This session will cover the following topics:

• Account provisioning and IAM
• Credential management
• VPC setup and network design
• AWS services that boost your security posture
• Auditing AWS configurations to find security holes
• Creating a robust CI pipeline that ensures no obvious security holes are present within your environments

In addition to these topics a heavy emphasis on both platform and server automation will be included. Please note that this session is heavily tuned to people using Amazon Web Services. If you are using another Cloud provider the ideas will still be relevant, but not all solutions will be available for your provider.

Microservices bring about a series of architectural shifts. One of the most powerful is true separation of concerns. This change brings with it incredible security opportunities. Join Aaron as he demonstrates how to identify and execute on these opportunities. In this session you will explore service and data classification techniques, authentication and access control, and service interface design that respects classification boundaries. If you are interested in, building, or currently using Microservices, this session is a must see!

More to follow…

Any system of significant scale or latency sensitivity employs the use of caching. It could be as simple as memoization, or as complicated as a fully distributed system. These ideas serve us well, but how do we take it to the next level?

Join Aaron as he demonstrates customizing a caching system. He will discuss the pros and cons of embedding application and domain specificity into your caching model. Aaron will show a start to finish implementation of a custom Redis module that reduces latency, network round trips, and adds pub/sub notifications.

Learn how to take your cache to the next level and encode elements of your system directly into the handling of your most accessed data.

This session will span multiple languages, but will focus on C for the Redis module implementation. Knowledge of C is not required to attend this session, as the details will be explained alongside the code with examples in higher level languages.

We've all got secrets, but nobody seems to know where to put them. This long standing issue has plagued system design for ages and still has many broken implementations. While many consider this an application concern, the foundations rest in the design of the system. Join Aaron for an in-depth workshop that will cover the following secret management solutions:

• Locally encrypted secrets with Ansible Vault
• HSM backed local secrets with SOPS
• AWS Secrets Manager
• Hashicorp Vault

Additionally, this workshop will demonstrate tools for discovering sensitive information checked in to your project.

This is a two session workshop and is best received by attending both sessions.

This course will cover the foundations of threat intelligence. It will consist of a combination of lecture and lab where we will work through the concepts of detecting indicators of attack and compromise, and building automation to process and eliminate it. This is a fully immersive, hands on workshop that will include a number of techniques, tools, and code.

It will cover the following topics:

• Threat Identification
• Threat Containment and Control
• Bot Detection and Search Engine Verification
• Indicators of Attack vs Indicators of Compromise
• Fingerprinting
• Production Deployment of Threat Intelligence Systems

Attendees will leave with a fully functional threat intelligence proof of concept system. This PoC can be used to design further capabilities or to evaluate larger commercial systems. Be prepared for an exciting day of code, modeling, and automation.