Track: Building Security Infrastructure

Day of week:

The cost of building defensible infrastructure is many times greater than the cost of successfully attacking it. Unfortunately, the security community has historically not been particularly open about sharing core pieces of their non-business critical security infrastructure. This has led to the proliferation of different solutions to the exact same problems (e.g., secret distribution, service to service communications, logging, etc.), and the waste of an incredibly rare resource: good engineering time.

The goal of this track is to bring together a diverse mix of experts and enthusiasts from industry and academia, for a day of highly technical, engaging presentations, leading to the open sharing of new and fruitful ideas.

The security community must strive for higher degrees of solution sharing and reuse, improving its collective efficiency and fostering a more effective giveback to the ecosystem, by releasing, supporting, and publicly presenting solutions and the open-source software that implements them. Hopefully, this track will be a sizable contribution in this direction.

Track Host:
Diogo Monica
Security Lead @Docker
Diogo Mónica is the security lead at Docker, an open platform for building, shipping and running distributed applications. He was an early employee at Square where he led the platform security team, has a BSc, MSc and PhD degrees in Computer Science, serves on the board of advisors of several security startups, and is a long-time IEEE Volunteer.

by Bryan Payne
Leads Product & Application Security @Netflix

How can using SSH certificates improve security and simplify operations for instance access at Netflix-scale? How can you smoothly transition existing infrastructure to use SSH Certificates? Netflix created and uses BLESS, an SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH public keys. In this talk, you will start by learning about BLESS in general: what it is, how it works, and how you can start using it. Next, we will explore the Netflix BLESS...

by Ying Li
Security Engineer @Docker

Over the last few years, more and more system administrators and developers have become concerned about guaranteeing the authenticity, integrity, and confidentiality of their network communications. TLS has emerged as the solution recommended by security practitioners for all these problems. Let's Encrypt makes it easy to get a lock icon on a web browser, but in many cases public certificate authorities are inappropriate for private and internal uses. How can you mutually authenticate and...

by Christopher Grayson
Founder and Principal Engineer @WebSightIO

Regression in codebases is a significant problem that proportionally significant amounts of effort have already been spent addressing. Regression is a similarly large problem in the realm of security, yet de-facto standards and approaches for addressing the issue remain absent. Even when security programs have the proper staff, tooling, and budgets, they commonly struggle with ensuring that security holes remain fixed after they are initially patched. This talk will explore the application...


Monday, 26 June

Tuesday, 27 June

Wednesday, 28 June