Track: Building Security Infrastructure
Day of week:
The cost of building defensible infrastructure is many times greater than the cost of successfully attacking it. Unfortunately, the security community has historically not been particularly open about sharing core pieces of their non-business critical security infrastructure. This has led to the proliferation of different solutions to the exact same problems (e.g., secret distribution, service to service communications, logging, etc.), and the waste of an incredibly rare resource: good engineering time.
The goal of this track is to bring together a diverse mix of experts and enthusiasts from industry and academia, for a day of highly technical, engaging presentations, leading to the open sharing of new and fruitful ideas.
The security community must strive for higher degrees of solution sharing and reuse, improving its collective efficiency and fostering a more effective giveback to the ecosystem, by releasing, supporting, and publicly presenting solutions and the open-source software that implements them. Hopefully, this track will be a sizable contribution in this direction.
by Bryan Payne
Leads Product & Application Security @Netflix
How can using SSH certificates improve security and simplify operations for instance access at Netflix-scale? How can you smoothly transition existing infrastructure to use SSH Certificates? Netflix created and uses BLESS, an SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH public keys. In this talk, you will start by learning about BLESS in general: what it is, how it works, and how you can start using it. Next, we will explore the Netflix BLESS...
by Ying Li
Security Engineer @Docker
Over the last few years, more and more system administrators and developers have become concerned about guaranteeing the authenticity, integrity, and confidentiality of their network communications. TLS has emerged as the solution recommended by security practitioners for all these problems. Let's Encrypt makes it easy to get a lock icon on a web browser, but in many cases public certificate authorities are inappropriate for private and internal uses. How can you mutually authenticate and...
by Christopher Grayson
Founder and Principal Engineer @WebSightIO
Regression in codebases is a significant problem that proportionally significant amounts of effort have already been spent addressing. Regression is a similarly large problem in the realm of security, yet de-facto standards and approaches for addressing the issue remain absent. Even when security programs have the proper staff, tooling, and budgets, they commonly struggle with ensuring that security holes remain fixed after they are initially patched. This talk will explore the application...
Monday, 26 June
High Velocity Dev Teams
Working Smarter as a team. Improving value delivery of engineers. Lean and Agile principles.
Innovations in Fintech
Technology, tools and techniques supporting modern financial services.
Java - Propelling the Ecosystem Forward
Lessons from Java 8, prepping for Java 9, and looking ahead at Java 10. Innovators in Java.
Microservices: Patterns & Practices
Practical experiences and lessons with Microservices.
Modern Clientside Apps
Reactive, cross platform, progressive - webapp tech today.
Tuesday, 27 June
Architectures You've Always Wondered about
Case studies from the most relevant names in software.
Building Security Infrastructure
How our industry is being attacked and what you can do about it.
Chaos & Resilience
Failures, edge cases and how we're embracing them.
Developer Experience: Level up your engineering effectiveness
Trends, tools and projects that we're using to maximally empower your developers.
Stream Processing at Large
Rapidly moving data at scale.
Wednesday, 28 June
Immutable Infrastructures: Orchestration, Serverless, and More
What's next in infrastructure. How cloud function like lambda are making their way into production.
Machine Learning 2.0
Machine Learning 2.0, Deep Learning & Deep Learning Datasets.
Modern CS in the Real World
Applied, practical, & real-world dive into industry adoption of modern CS.
Next Gen APIs: Designs, Protocols, and Evolution
Practical deep-dives into public and internal API design, tooling and techniques for evolving them, and binary and graph-based protocols.
Maximizing your impact as an engineer, as a leader, and as a person.