SlideShare a Scribd company logo

Devina Dhawan's talk - Women and non binary focused intro to AWS

AWS Chicago
AWS Chicago

"Transitioning to AWS in a Hurry Without Getting Owned" - Devina Dhawan, Security Engineer at Etsy // @TheUlzo

Technology
1 of 39
Download to read offline
Transitioning to AWS in a hurry without getting owned (Hopefully...) Devina Dhawan 02/06/2017 - Women & Non-Binary Focused intro to AWS Email: 3@etsy.com Twitter: @theulzo 1
Introduction 2 ● Etsy (Jan 2015 - Present) ● Orbitz (May 2014 - Dec 2015) ● University of Illinois in Chicago
Etsy operates a global marketplace where people around the world connect, both online and offline, to make, sell and buy unique goods. 3
Security at Etsy 4 ● Evangelizing Security at Etsy ○ Candy is a great way to make friends ○ Allow the conversation about security to be comfortable and inviting.
What is this talk about? • I will help you improve your existing AWS infrastructure • You will walk away with action items • http://bit.ly/2EnZU1q 5
“Securing Amazon Web Services” 6
7 - Traditional bare metal - Minimal footprint in the clouds Infrastructure
Where to begin?
9 ● Evident.io ○ Scans of configurations to see if anything is misconfigured ● Password policies? ● Multi-factor Authentication ● Jira Tickets Evident.io
10 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
Scout2 ● Github Page: https://github.com/nccgro up/Scout2 ● Reports for all accounts ● Tie that into alerts manually
12 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
Changes I made… like a goon • Password policy to the highest scrutiny • Removed all admin roles from accounts that didn’t need them (aka hadn’t used aws in 2 yrs and didn’t have any api keys tied to their user) 13
Password Policies
My first Etsy communication Hello X, Looks like you still do not have MFA set up on your AWS account. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Devina
Version 2.0 Hello X, Looks like you still do not have MFA set up on your AWS account. It looks like you used your AWS account recently as well, so please sign up for MFA by 03/31/16 or your account will be suspended. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Your neighborhood candy provider, Devina
Oops...
Multiple statements which allow you to: ● Resync MFA devices ● Deactivate MFA devices ● List MFA devices ● Primary, management Other policies: ● Forcing MFA
Oof…
Aws-cli for account creation Becoming really used to the aws client is really useful too!
Using Terraform for IAM ● What is terraform? ● What can it do? ○ Static creds ○ Environment variables ○ Shared creds ○ EC2 Roles
Static Creds
23 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
Logging in AWS - Cloudtrail
ELK
Alert Types Email: ● Daily Roundup Emails ○ No production impacting ● High Risk Alerts ○ Enough resources to handle IRC/Slack/Jabber: ● Slack & Dropbox Collect the alerts: ● Splunk ● 411 / Elastalert
30 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
Inbound/Outbound
EC2 Roles
33 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
Bucket Policies
● Bug Bounties at Etsy: https://www.etsy.com/bounty ● S3 Scanner Github: https://github.com/bear/s3scan ○ Report of all s3 buckets and perms ○ Likely how bountiers are finding out about your misconfigured policies.
38 So… it happened, what do I do now? ❏ Write down all the systems you need to take care of ❏ Find out what you need to fix on all systems, write that down ❏ Start with the low-hanging fruit ❏ Over communicate what you are doing. ❏ Work with networking on the AWS network ❏ Create default rulesets & roles ❏ Work with IT/helpdesk to handle account provisioning ❏ Work with systems engineering to handle provisioning of services ❏ … profit?
THANKS! 3@etsy.com @theulzo

Recommended

MJ Berends talk - Women & Non-Binary Focused Intro to AWS
MJ Berends talk - Women & Non-Binary Focused Intro to AWS MJ Berends talk - Women & Non-Binary Focused Intro to AWS
MJ Berends talk - Women & Non-Binary Focused Intro to AWS
AWS Chicago
 
Introduction 2 to aws and storage options
Introduction 2 to aws and storage optionsIntroduction 2 to aws and storage options
Introduction 2 to aws and storage options
Szilveszter Molnár
 
Introduction to scaling your WordPress site past a single node using AWS
Introduction to scaling your WordPress site past a single node using AWSIntroduction to scaling your WordPress site past a single node using AWS
Introduction to scaling your WordPress site past a single node using AWS
WP Engine
 
Intro To Serverless ClojureScript
Intro To Serverless ClojureScriptIntro To Serverless ClojureScript
Intro To Serverless ClojureScript
Jim Lynch
 
WordCamp IL 2016 - WordPress Scale on AWS
WordCamp IL 2016 - WordPress Scale on AWSWordCamp IL 2016 - WordPress Scale on AWS
WordCamp IL 2016 - WordPress Scale on AWS
Boaz Ziniman
 
Containerize all the things!
Containerize all the things!Containerize all the things!
Containerize all the things!
Mike Melusky
 
Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)
Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)
Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)
Seven Peaks Speaks
 
AWS KSS
AWS KSSAWS KSS
AWS KSS
NeeleEilers
 

Recommended

MJ Berends talk - Women & Non-Binary Focused Intro to AWS
MJ Berends talk - Women & Non-Binary Focused Intro to AWS MJ Berends talk - Women & Non-Binary Focused Intro to AWS
MJ Berends talk - Women & Non-Binary Focused Intro to AWS
AWS Chicago
 
Introduction 2 to aws and storage options
Introduction 2 to aws and storage optionsIntroduction 2 to aws and storage options
Introduction 2 to aws and storage options
Szilveszter Molnár
 
Introduction to scaling your WordPress site past a single node using AWS
Introduction to scaling your WordPress site past a single node using AWSIntroduction to scaling your WordPress site past a single node using AWS
Introduction to scaling your WordPress site past a single node using AWS
WP Engine
 
Intro To Serverless ClojureScript
Intro To Serverless ClojureScriptIntro To Serverless ClojureScript
Intro To Serverless ClojureScript
Jim Lynch
 
WordCamp IL 2016 - WordPress Scale on AWS
WordCamp IL 2016 - WordPress Scale on AWSWordCamp IL 2016 - WordPress Scale on AWS
WordCamp IL 2016 - WordPress Scale on AWS
Boaz Ziniman
 
Containerize all the things!
Containerize all the things!Containerize all the things!
Containerize all the things!
Mike Melusky
 
Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)
Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)
Structuring node.js projects - Seven Peaks Software (Node.JS Meetup 18 nov 2021)
Seven Peaks Speaks
 
AWS KSS
AWS KSSAWS KSS
AWS KSS
NeeleEilers
 
Signal r azurepresentation
Signal r azurepresentationSignal r azurepresentation
Signal r azurepresentationJustin Wendlandt
 
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech TalksUsing Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Amazon Web Services
 
Serverless Systems: The Future is Here
Serverless Systems: The Future is HereServerless Systems: The Future is Here
Serverless Systems: The Future is Here
gedoplan
 
Serverless Computing with AWS
Serverless Computing with AWSServerless Computing with AWS
Serverless Computing with AWS
TransferWiseSG
 
Dockercon plugins session
Dockercon plugins sessionDockercon plugins session
Dockercon plugins sessionWeaveworks
 
NDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design PatternsNDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design Patterns
Ryan Green
 
DNN & The CloudOS: Windows Azure on your terms
DNN & The CloudOS: Windows Azure on your termsDNN & The CloudOS: Windows Azure on your terms
DNN & The CloudOS: Windows Azure on your terms
Jess Coburn
 
A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015
Weaveworks
 
TDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDBTDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDB
Valeri Karpov
 
Cloud Amazon Service
Cloud Amazon Service Cloud Amazon Service
Cloud Amazon Service
Remo Sam
 
Dev-Friendly Ops
Dev-Friendly OpsDev-Friendly Ops
Dev-Friendly Ops
Josh Schramm
 
AWS Cloudfront Fundamentals
AWS Cloudfront FundamentalsAWS Cloudfront Fundamentals
AWS Cloudfront Fundamentals
Piyush Agrawal
 
WordPress Development Environments
WordPress Development EnvironmentsWordPress Development Environments
WordPress Development Environments
Josh Cummings
 
Inrastructure as Code
Inrastructure as CodeInrastructure as Code
Inrastructure as Code
Charles Anderson
 
Level 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – VersentLevel 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – Versent
Amazon Web Services
 
WordPress Deployment
WordPress DeploymentWordPress Deployment
WordPress Deployment
Swain Strickland
 
Using Aws As A Game Server (AWS UG Bandung)
Using Aws As A Game Server (AWS UG Bandung)Using Aws As A Game Server (AWS UG Bandung)
Using Aws As A Game Server (AWS UG Bandung)
Aswin Juari
 
Moving Viadeo to AWS (2015)
Moving Viadeo to AWS (2015)Moving Viadeo to AWS (2015)
Moving Viadeo to AWS (2015)
Julien SIMON
 
AWS systems manager | Francisco edilton
AWS systems manager | Francisco edilton AWS systems manager | Francisco edilton
AWS systems manager | Francisco edilton
AWSCOMSUM
 
Cassandra Development Nirvana
Cassandra Development Nirvana Cassandra Development Nirvana
Cassandra Development Nirvana
DataStax
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
Deborah Schalm
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
DevOps.com
 

More Related Content

What's hot

Signal r azurepresentation
Signal r azurepresentationSignal r azurepresentation
Signal r azurepresentationJustin Wendlandt
 
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech TalksUsing Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Amazon Web Services
 
Serverless Systems: The Future is Here
Serverless Systems: The Future is HereServerless Systems: The Future is Here
Serverless Systems: The Future is Here
gedoplan
 
Serverless Computing with AWS
Serverless Computing with AWSServerless Computing with AWS
Serverless Computing with AWS
TransferWiseSG
 
Dockercon plugins session
Dockercon plugins sessionDockercon plugins session
Dockercon plugins sessionWeaveworks
 
NDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design PatternsNDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design Patterns
Ryan Green
 
DNN & The CloudOS: Windows Azure on your terms
DNN & The CloudOS: Windows Azure on your termsDNN & The CloudOS: Windows Azure on your terms
DNN & The CloudOS: Windows Azure on your terms
Jess Coburn
 
A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015
Weaveworks
 
TDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDBTDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDB
Valeri Karpov
 
Cloud Amazon Service
Cloud Amazon Service Cloud Amazon Service
Cloud Amazon Service
Remo Sam
 
Dev-Friendly Ops
Dev-Friendly OpsDev-Friendly Ops
Dev-Friendly Ops
Josh Schramm
 
AWS Cloudfront Fundamentals
AWS Cloudfront FundamentalsAWS Cloudfront Fundamentals
AWS Cloudfront Fundamentals
Piyush Agrawal
 
WordPress Development Environments
WordPress Development EnvironmentsWordPress Development Environments
WordPress Development Environments
Josh Cummings
 
Inrastructure as Code
Inrastructure as CodeInrastructure as Code
Inrastructure as Code
Charles Anderson
 
Level 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – VersentLevel 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – Versent
Amazon Web Services
 
WordPress Deployment
WordPress DeploymentWordPress Deployment
WordPress Deployment
Swain Strickland
 
Using Aws As A Game Server (AWS UG Bandung)
Using Aws As A Game Server (AWS UG Bandung)Using Aws As A Game Server (AWS UG Bandung)
Using Aws As A Game Server (AWS UG Bandung)
Aswin Juari
 
Moving Viadeo to AWS (2015)
Moving Viadeo to AWS (2015)Moving Viadeo to AWS (2015)
Moving Viadeo to AWS (2015)
Julien SIMON
 
AWS systems manager | Francisco edilton
AWS systems manager | Francisco edilton AWS systems manager | Francisco edilton
AWS systems manager | Francisco edilton
AWSCOMSUM
 
Cassandra Development Nirvana
Cassandra Development Nirvana Cassandra Development Nirvana
Cassandra Development Nirvana
DataStax
 

What's hot (20)

Signal r azurepresentation
Signal r azurepresentationSignal r azurepresentation
Signal r azurepresentation
 
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech TalksUsing Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
Using Jupyter Notebooks to Run Deep Learning Algorithms - AWS Online Tech Talks
 
Serverless Systems: The Future is Here
Serverless Systems: The Future is HereServerless Systems: The Future is Here
Serverless Systems: The Future is Here
 
Serverless Computing with AWS
Serverless Computing with AWSServerless Computing with AWS
Serverless Computing with AWS
 
Dockercon plugins session
Dockercon plugins sessionDockercon plugins session
Dockercon plugins session
 
NDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design PatternsNDev Talk - Serverless Design Patterns
NDev Talk - Serverless Design Patterns
 
DNN & The CloudOS: Windows Azure on your terms
DNN & The CloudOS: Windows Azure on your termsDNN & The CloudOS: Windows Azure on your terms
DNN & The CloudOS: Windows Azure on your terms
 
A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015
 
TDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDBTDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDB
 
Cloud Amazon Service
Cloud Amazon Service Cloud Amazon Service
Cloud Amazon Service
 
Dev-Friendly Ops
Dev-Friendly OpsDev-Friendly Ops
Dev-Friendly Ops
 
AWS Cloudfront Fundamentals
AWS Cloudfront FundamentalsAWS Cloudfront Fundamentals
AWS Cloudfront Fundamentals
 
WordPress Development Environments
WordPress Development EnvironmentsWordPress Development Environments
WordPress Development Environments
 
Inrastructure as Code
Inrastructure as CodeInrastructure as Code
Inrastructure as Code
 
Level 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – VersentLevel 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – Versent
 
WordPress Deployment
WordPress DeploymentWordPress Deployment
WordPress Deployment
 
Using Aws As A Game Server (AWS UG Bandung)
Using Aws As A Game Server (AWS UG Bandung)Using Aws As A Game Server (AWS UG Bandung)
Using Aws As A Game Server (AWS UG Bandung)
 
Moving Viadeo to AWS (2015)
Moving Viadeo to AWS (2015)Moving Viadeo to AWS (2015)
Moving Viadeo to AWS (2015)
 
AWS systems manager | Francisco edilton
AWS systems manager | Francisco edilton AWS systems manager | Francisco edilton
AWS systems manager | Francisco edilton
 
Cassandra Development Nirvana
Cassandra Development Nirvana Cassandra Development Nirvana
Cassandra Development Nirvana
 

Similar to Devina Dhawan's talk - Women and non binary focused intro to AWS

Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
Deborah Schalm
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
DevOps.com
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?
Ken Johnson
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
HashiCorp
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
Amazon Web Services
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOpsIn the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
Garth Boyd
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit Atlanta
Chris Farris
 
Netflix Open Source Meetup Season 4 Episode 3
Netflix Open Source Meetup Season 4 Episode 3Netflix Open Source Meetup Season 4 Episode 3
Netflix Open Source Meetup Season 4 Episode 3
aspyker
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
OWASP Delhi
 
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
Ken Johnson
 
AWS & Infrastructure Hardening - Cloud Infrastructure Security
AWS & Infrastructure Hardening - Cloud Infrastructure SecurityAWS & Infrastructure Hardening - Cloud Infrastructure Security
AWS & Infrastructure Hardening - Cloud Infrastructure Security
Nutanix Beam
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
apponix123
 
User Credential handling in Web Applications done right
User Credential handling in Web Applications done rightUser Credential handling in Web Applications done right
User Credential handling in Web Applications done right
tladesignz
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance
John Varghese
 
Jump Start your First Hour with AWS
Jump Start your First Hour with AWSJump Start your First Hour with AWS
Jump Start your First Hour with AWS
Amazon Web Services
 
Wrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS AccountsWrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS Accounts
Andrew Bienert
 
004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx
nitinscribd
 
Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17
Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17
Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17
John Martinez
 
Top 23 Things Not to Do in AWS
Top 23 Things Not to Do in AWSTop 23 Things Not to Do in AWS
Top 23 Things Not to Do in AWS
Ervan Setiawan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
 

Similar to Devina Dhawan's talk - Women and non binary focused intro to AWS (20)

Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOpsIn the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit Atlanta
 
Netflix Open Source Meetup Season 4 Episode 3
Netflix Open Source Meetup Season 4 Episode 3Netflix Open Source Meetup Season 4 Episode 3
Netflix Open Source Meetup Season 4 Episode 3
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
 
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
 
AWS & Infrastructure Hardening - Cloud Infrastructure Security
AWS & Infrastructure Hardening - Cloud Infrastructure SecurityAWS & Infrastructure Hardening - Cloud Infrastructure Security
AWS & Infrastructure Hardening - Cloud Infrastructure Security
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
 
User Credential handling in Web Applications done right
User Credential handling in Web Applications done rightUser Credential handling in Web Applications done right
User Credential handling in Web Applications done right
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance
 
Jump Start your First Hour with AWS
Jump Start your First Hour with AWSJump Start your First Hour with AWS
Jump Start your First Hour with AWS
 
Wrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS AccountsWrangling Security & Identity across 99+ AWS Accounts
Wrangling Security & Identity across 99+ AWS Accounts
 
004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx
 
Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17
Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17
Shared Security Responsibilities in AWS - LA AWS User Meetup - 2014-07-17
 
Top 23 Things Not to Do in AWS
Top 23 Things Not to Do in AWSTop 23 Things Not to Do in AWS
Top 23 Things Not to Do in AWS
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

More from AWS Chicago

AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
AWS Chicago
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
AWS Chicago
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptx
AWS Chicago
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
AWS Chicago
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
AWS Chicago
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
AWS Chicago
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
AWS Chicago
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
AWS Chicago
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptx
AWS Chicago
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
AWS Chicago
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
AWS Chicago
 
Mohamed Wali_AWS Security Reference Architecture.pptx
Mohamed Wali_AWS Security Reference Architecture.pptxMohamed Wali_AWS Security Reference Architecture.pptx
Mohamed Wali_AWS Security Reference Architecture.pptx
AWS Chicago
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
AWS Chicago
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdf
AWS Chicago
 
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
AWS Chicago
 
MichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptxMichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptx
AWS Chicago
 
Michal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdfMichal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdf
AWS Chicago
 
Kamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptxKamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptx
AWS Chicago
 
John Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptxJohn Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptx
AWS Chicago
 
JuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptxJuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptx
AWS Chicago
 

More from AWS Chicago (20)

AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptx
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptx
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Mohamed Wali_AWS Security Reference Architecture.pptx
Mohamed Wali_AWS Security Reference Architecture.pptxMohamed Wali_AWS Security Reference Architecture.pptx
Mohamed Wali_AWS Security Reference Architecture.pptx
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdf
 
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
 
MichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptxMichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptx
 
Michal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdfMichal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdf
 
Kamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptxKamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptx
 
John Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptxJohn Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptx
 
JuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptxJuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptx
 

Recently uploaded

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 

Recently uploaded (20)

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 

Devina Dhawan's talk - Women and non binary focused intro to AWS

  • 1. Transitioning to AWS in a hurry without getting owned (Hopefully...) Devina Dhawan 02/06/2017 - Women & Non-Binary Focused intro to AWS Email: 3@etsy.com Twitter: @theulzo 1
  • 2. Introduction 2 ● Etsy (Jan 2015 - Present) ● Orbitz (May 2014 - Dec 2015) ● University of Illinois in Chicago
  • 3. Etsy operates a global marketplace where people around the world connect, both online and offline, to make, sell and buy unique goods. 3
  • 4. Security at Etsy 4 ● Evangelizing Security at Etsy ○ Candy is a great way to make friends ○ Allow the conversation about security to be comfortable and inviting.
  • 5. What is this talk about? • I will help you improve your existing AWS infrastructure • You will walk away with action items • http://bit.ly/2EnZU1q 5
  • 7. 7 - Traditional bare metal - Minimal footprint in the clouds Infrastructure
  • 9. 9 ● Evident.io ○ Scans of configurations to see if anything is misconfigured ● Password policies? ● Multi-factor Authentication ● Jira Tickets Evident.io
  • 10. 10 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 11. Scout2 ● Github Page: https://github.com/nccgro up/Scout2 ● Reports for all accounts ● Tie that into alerts manually
  • 12. 12 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 13. Changes I made… like a goon • Password policy to the highest scrutiny • Removed all admin roles from accounts that didn’t need them (aka hadn’t used aws in 2 yrs and didn’t have any api keys tied to their user) 13
  • 15. My first Etsy communication Hello X, Looks like you still do not have MFA set up on your AWS account. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Devina
  • 16. Version 2.0 Hello X, Looks like you still do not have MFA set up on your AWS account. It looks like you used your AWS account recently as well, so please sign up for MFA by 03/31/16 or your account will be suspended. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Your neighborhood candy provider, Devina
  • 18. Multiple statements which allow you to: ● Resync MFA devices ● Deactivate MFA devices ● List MFA devices ● Primary, management Other policies: ● Forcing MFA
  • 20. Aws-cli for account creation Becoming really used to the aws client is really useful too!
  • 21. Using Terraform for IAM ● What is terraform? ● What can it do? ○ Static creds ○ Environment variables ○ Shared creds ○ EC2 Roles
  • 23. 23 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 24. Logging in AWS - Cloudtrail
  • 25.
  • 26.
  • 27.
  • 28. ELK
  • 29. Alert Types Email: ● Daily Roundup Emails ○ No production impacting ● High Risk Alerts ○ Enough resources to handle IRC/Slack/Jabber: ● Slack & Dropbox Collect the alerts: ● Splunk ● 411 / Elastalert
  • 30. 30 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 33. 33 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 35.
  • 36.
  • 37. ● Bug Bounties at Etsy: https://www.etsy.com/bounty ● S3 Scanner Github: https://github.com/bear/s3scan ○ Report of all s3 buckets and perms ○ Likely how bountiers are finding out about your misconfigured policies.
  • 38. 38 So… it happened, what do I do now? ❏ Write down all the systems you need to take care of ❏ Find out what you need to fix on all systems, write that down ❏ Start with the low-hanging fruit ❏ Over communicate what you are doing. ❏ Work with networking on the AWS network ❏ Create default rulesets & roles ❏ Work with IT/helpdesk to handle account provisioning ❏ Work with systems engineering to handle provisioning of services ❏ … profit?