Slides from my Dev Chat at the Atlanta AWS Summit.
or How 4th Grade Math, Spreadsheets and a lot of Lambda improved my employer's cloud security posture.
2. Who am I?
● Cloud Security Architect for Turner Broadcasting
● My job is to keep the Russians off cnn.com and my friends from downloading Rick & Morty
5. The Problem
● 200 AWS Accounts
● 80 Development Teams
● Varying levels of cloud experience
● Myth of The Great Firewall Charlie Brown
● InfoSec team will get the blame
● This: 14 million customer records leaked
4 million credit cards stolen
Millions of classified images stolen
6. Accountability & Account-Ability
● Every AWS Account has a VP accountable to Security and Finance for all activities
● Every team gets a prod and non-prod account
● This is how you get to 200+ accounts!
● Automation is key
13. Cloud Security Standard
- KISS
- Focus on your risk and your culture
- CIS Benchmarks are valuable
- Consensus Driven
- Requirements “must”
- Best Practices “should”
14. Build your AWS Inventory
1. Get all accounts
2. Fire off Lambda for each account
3. Build Reports
4. Profit!
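Steps 1 to 3 above as an added example, not code from the talk: a dispatcher Lambda lists the accounts, fires one asynchronous collector invocation per account, and reports which accounts could not be dispatched. It assumes the account list comes from AWS Organizations; the collector name `inventory-collector` and the payload fields are hypothetical.

```python
import json

def list_active_accounts(org_client):
    """Step 1: return every ACTIVE account as {'Id', 'Name'}."""
    accounts = []
    paginator = org_client.get_paginator("list_accounts")
    for page in paginator.paginate():  # pagination matters at 200+ accounts
        for acct in page["Accounts"]:
            if acct.get("Status") == "ACTIVE":  # skip suspended accounts
                accounts.append({"Id": acct["Id"], "Name": acct["Name"]})
    return accounts

def fan_out(lambda_client, accounts, function_name="inventory-collector"):
    """Step 2: one async invocation per account (function name is hypothetical)."""
    results = []
    for acct in accounts:
        # Payload shape is an assumption made for this example.
        payload = json.dumps({"account_id": acct["Id"], "account_name": acct["Name"]})
        try:
            resp = lambda_client.invoke(
                FunctionName=function_name,
                InvocationType="Event",  # async: returns 202 without waiting
                Payload=payload.encode(),
            )
            ok = resp.get("StatusCode") == 202
            err = None if ok else f"unexpected status {resp.get('StatusCode')}"
        except Exception as exc:  # one failing account must not stop the rest
            ok, err = False, str(exc)
        results.append({"account_id": acct["Id"], "dispatched": ok, "error": err})
    return results

def dispatch_report(results):
    """Step 3 (dispatch side): accounts never dispatched are inventory blind spots."""
    failed = [r["account_id"] for r in results if not r["dispatched"]]
    return {"total": len(results), "dispatched": len(results) - len(failed), "failed": failed}

def handler(event, context):
    import boto3  # imported here so the functions above can be run with stub clients
    accounts = list_active_accounts(boto3.client("organizations"))
    return dispatch_report(fan_out(boto3.client("lambda"), accounts))
```

The `failed` list is the part worth alerting on: an account missing from the inventory is an account nobody is checking against the standard.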