@mtheoryx
Last active March 13, 2020 18:34
Initial conf talk outline

Event-driven Security with AWS Security Services

Who is CleanSlate Technology Group

Some Sales Team member will do this part

Intro

There are 3 common types of Clouds

  • The ones you're in, and you know you're not doing things right. (known-knowns)
  • The ones you're in, and you don't know if you're doing things right. (known-unknowns)
  • The ones you started to move to, but are not sure what "right" looks like. (unknown-unknowns)

Inspiration: Rumsfeld, 2002 Pentagon news briefing

We all want a more secure presence. We all want a more available presence. We all want a more informed presence.

Nobody likes:

  • Surprises
  • Being on the hook for fixing things they don't know how to fix
  • Being on the hook for fixing things they CAN fix, but aren't allowed to fix
  • Having to fix broken things at all

What if we thought about this problem from a user-centered point of view? Like all good software, we start by identifying problems and the user personas who will be part of the solution.

We're going to do that here today. Together.

Security and Availability Concerns

Here we talk about types of event sources

Some things that mean "security":

  • Are production workloads unavailable? Security
  • Do things change unexpectedly? Security
  • Can we have dangerous changes to networking? Security
  • Can our builds fail with no insight? Security

It's all a security concern. Security of your cloud is not just ports and firewalls. It's providing confidence that things are operating as designed.

So what are some sources of security concerns we could chat about?

  • Instance failures
  • Ports opened
  • AWS config rules in alarm
  • CPU usage is higher than expected
  • Someone logged in with the sacred "Root Account"
  • API or Login failures

User roles in our organization

  • Security

We are watching. We have situation rooms, fabulous status monitors, and let's be honest... it looks really cool. But the truly dangerous stuff... that doesn't belong in some log or audit report, or even as a graphic on the big TV wall. We need something else. Something more direct and immediate.

  • Development Team

We want to move code from our machines, into production. There are many steps in between like code review and CI builds. But our only goal is SHIPPING to production so our users have the features they need.

  • Operations Support

We keep the lights on, everything humming along, and we must respond quickly to production outages. When systems are down, users are frustrated, and data corruption is possible.

Our User Stories

Use Case: Dev Team

This one is a bit more familiar. The dev team uses Slack for their communications, and has some automation set up for insight into their CI servers. If the server CPU runs too high, for too long, someone needs to go look at what's going wrong.

  • Use Slack, build server, this CPU usage is TOO DANG HIGH

Use Case: Security

We've properly secured our Root account with MFA, a strong password, and disabled CLI keys. But if someone does log in as Root, it is considered a "break-glass" event. We will send a text message immediately to our Chief Security Officer if this happens.

  • Use Twilio, Root login

Use Case: Operations

This is the middle-of-the-night fear. Thankfully, we have a portable, battery-powered, cellular LTE-enabled IoT device that can alert us, even if we turn our phone off.

  • Use IoT, prod server down

Some code or demo, pre arranged incidents

Note: Due to the non-instantaneous CloudWatch alerts, we may have to "fake it" a bit

  • Trigger a Slack alert
  • Trigger a Twilio SMS alert
  • Trigger an IoT device alert with lights and sound
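The routing step behind the three demo alerts, as an added example (not code from the gist or its talk): one handler that maps each event source to the persona who owns it. It assumes the EventBridge payload shapes for a CloudTrail console sign-in (`source: aws.signin`) and a "CloudWatch Alarm State Change", and the Slack webhook, phone number and Particle device name are placeholders; actually delivering to Slack, Twilio or the IoT device is left to the caller.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Notification:
    channel: str   # "slack" (dev team), "sms" (security), "iot" (ops)
    target: str    # webhook URL, phone number or device name (all placeholders)
    message: str

# Placeholder destinations; a real deployment reads these from the environment.
SLACK_WEBHOOK = "https://hooks.slack.com/services/PLACEHOLDER"
CSO_PHONE = "+15550100000"        # constructed, not a real number
OPS_DEVICE = "ops-boron-beacon"   # hypothetical Particle device name

def metric_name(detail: dict) -> Optional[str]:
    # First metric name in a "CloudWatch Alarm State Change" payload, if any.
    for m in detail.get("configuration", {}).get("metrics", []):
        name = m.get("metricStat", {}).get("metric", {}).get("name")
        if name:
            return name
    return None

def route_event(event: dict) -> Optional[Notification]:
    """Map one EventBridge event to a notification, or None if it is noise."""
    source, detail = event.get("source"), event.get("detail", {})
    # Use case: Security. Any root console login is a break-glass event -> SMS to the CSO.
    if source == "aws.signin" and detail.get("eventName") == "ConsoleLogin":
        if detail.get("userIdentity", {}).get("type") != "Root":
            return None
        outcome = detail.get("responseElements", {}).get("ConsoleLogin", "Unknown")
        mfa = detail.get("additionalEventData", {}).get("MFAUsed", "Unknown")
        return Notification("sms", CSO_PHONE, f"BREAK-GLASS: root console login {outcome} "
                            f"from {detail.get('sourceIPAddress')} (MFA used: {mfa})")
    # Use cases: Dev team (CPU too high -> Slack) and Ops (prod server down -> IoT beacon).
    if source == "aws.cloudwatch" and event.get("detail-type") == "CloudWatch Alarm State Change":
        if detail.get("state", {}).get("value") != "ALARM":
            return None  # OK / INSUFFICIENT_DATA transitions are not pages
        text = f"{detail.get('alarmName')}: {detail.get('state', {}).get('reason', '')}"
        if metric_name(detail) == "CPUUtilization":
            return Notification("slack", SLACK_WEBHOOK, ":fire: build server CPU too high. " + text)
        if metric_name(detail) == "StatusCheckFailed":
            return Notification("iot", OPS_DEVICE, "PROD DOWN. " + text)
    return None  # anything else is logged by CloudTrail/CloudWatch but not paged

# Constructed sample: a root console login as delivered by EventBridge from CloudTrail.
ROOT_LOGIN = {"source": "aws.signin", "detail-type": "AWS Console Sign In via CloudTrail",
              "detail": {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
                         "userIdentity": {"type": "Root", "accountId": "111122223333"},
                         "responseElements": {"ConsoleLogin": "Success"},
                         "additionalEventData": {"MFAUsed": "Yes"}}}
```

For the demo, `route_event(ROOT_LOGIN)` is the "root login" incident; feeding it a constructed alarm event with `CPUUtilization` or `StatusCheckFailed` as the metric exercises the other two stories without waiting on a real CloudWatch alarm.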

Next Steps

  • Present closing slide with some info for what to do next
    • Get the slides
    • Set up some alerts
    • Set up some integrations and try them out
    • Start user-mapping at your organization
    • Make a plan
    • A short link where you can find all the content
      • Slides (running as a website)
      • Source code for code examples
      • Site with conf info, contact info, etc (gatsby, ssl, amplify)

Questions

  • Find me at the booth at X times today and tomorrow (Times TBD)

Final Sales pitch

I presume this is a sales team representative doing this part?


Budget

Total (est): $125.45

The following items are either required for the presentation, or as fallbacks in case something fails. The items, prices, and links are detailed below.

Particle

Subtotal (est) $59.00 (plus data costs if over free plan)

  • Boron LTE Kit (North America)

https://store.particle.io/collections/cellular/products/boron-lte-kit

Adafruit

Subtotal (est) $66.45


Abstract

As submitted to the CFP, not part of the talk

Centralized cloud security and compliance combined with democratized incident response can ensure that the right information gets to the right teams, at the right time, so security events can be managed swiftly and appropriately. In this presentation, we show how a flexible combination of security controls, automation, API integrations, IoT, and notification services can enhance your Security Operations team’s effectiveness and allow developers to also embrace and support response efforts.

