Build resilient systems at scale
May 27–29, 2015 • Santa Clara, CA

osquery: Approaching security the hacker way

Mike Arpaia (Kolide)
5:05pm–5:45pm Thursday, 05/28/2015
Location: Ballroom GH
Average rating: ****.
(4.75, 8 ratings)

Prerequisite Knowledge

If you've ever asked yourself the following questions, this talk is for you. * How do organizations approach information security at scale? What challenges do they face? * How are operating systems fundamentally affected when a computer is hacked? * Should I open source my internally developed security software? * Will the security of my organization be weakened if everyone knows how we approach security at my organization?


osquery was released as an open source product by Facebook in October 2014. It is an instrumentation framework for Ubuntu, CentOS, and OS X. osquery makes low-level operating system analytics and monitoring both performant and intuitive.

This talk will walk through why we created osquery, how we use osquery at Facebook to improve our security how other companies currently take advantage of osquery, and how you can too!

We’ll outline some of the challenges and sensitivities we faced when developing osquery and planning its open source release, as well as how we overcame those issues. Additionally, we’ll spend some time talking about why we believe open source is critical to advancing the state of trusted, secure software. Security through obscurity is dead; this is the age of security through transparency.

Photo of Mike Arpaia

Mike Arpaia


Mike Arpaia is a software engineer on the security team at Facebook where he builds software to detect, prevent and respond to compromise. Before Facebook, Mike was a senior software engineer on the security team at Etsy, the world’s handmade marketplace. Before working at Etsy, Mike worked at iSEC Partners, where he specialized in mobile application and mobile operating system security.

Mike has previously presented at over two dozen conferences in seven US states and three countries including Black Hat USA, Source Boston, DEFCON, and Nordic Security Conference, on topics such as data infrastructure and analytics, secure mobile development, mobile exploit intelligence, mobile operating system security, and information security education.