Building and maintaining complex distributed systems
June 19–20, 2017: Training
June 20–22, 2017: Tutorials & Conference
San Jose, CA

Incident Command: The far side of the edge

4:35pm–5:15pm Thursday, June 22, 2017
Location: LL21 E/F
Level: Intermediate
Average rating: ****.
(4.00, 1 rating)

Who is this presentation for?

  • Operations engineers, SREs, security engineers, and network engineers

Prerequisite knowledge

  • Basic experience implementing DevOps processes at scale and investigating security incidents at a high level

What you'll learn

  • Learn how to build a protocol that enables you to quickly respond to major incidents affecting your organization
  • Understand how Fastly developed its processes over time and how to apply these lessons to your own challenges


When a new security vulnerability is identified or during a large-scale attack, accurate and fast coordination is critical. While runbooks exist for many of the technical challenges, executing them in concert and filling the gaps between them requires creativity and quick thinking as well as discipline, a strong ability to read situations, and a willingness to make tough decisions.

As a content delivery network, Fastly operates a large internetwork and a global application environment, which face many security threats. Recognizing the impact security events can have, Fastly developed its Incident Command protocol, which it uses to deal with large-scale events. Maarten Van Horenbeeck, a lead on Fastly’s security team, and experienced incident commander Lisa Phillips explore how Incident Command was conceived and the protocols that were developed within Fastly to make it work. The two share a number of war stories that illustrate how Incident Command contributes to protecting Fastly, its customers, and the many end users relying on the service. Examples include a major software vulnerability that affected a Linux component in common use across Fastly and a large attack. Maarten and Lisa cover in detail the typical struggles a company Fastly’s size runs into when building around-the-clock incident operations and the things Fastly has put in place to make dealing with security incidents easier and more effective.

Photo of Maarten Van Horenbeeck

Maarten Van Horenbeeck


Maarten Van Horenbeeck is vice president of security engineering at Fastly, a content delivery network that speeds up web properties around the world. He is also a board member and former chairman of the Forum of Incident Response and Security Teams (FIRST), the largest association of security teams, counting 300 members in over 70 countries. Previously, Maarten managed the Threat Intelligence team at Amazon and worked on the Security teams at Google and Microsoft. Maarten holds a master’s degree in information security from Edith Cowan University and a master’s degree in international relations from the Freie Universitat Berlin. When not working, he enjoys backpacking, sailing, and collecting first-edition travel literature.

Photo of Lisa Phillips

Lisa Phillips


Lisa Phillips is vice president of site reliability engineering at Fastly. With 18 years of experience in Internet and Web technologies with emphasis on systems and database administration, architecture, engineering, and management, Lisa isn’t afraid of hard problems or scale. She brings extensive experience in implementation and management of Internet services to ensure highest levels of system availability and performance globally.