Build Systems that Drive Business
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Building Secure Systems sessions

Security can no longer be a bolt-on at the end of projects. This track explores how to incorporate security best practices into your system architecture from the ground up into every layer of your applications.

Track host

Kevin Burke ( Burke ( likes building great experiences. He helped scale Twilio and Shyp and currently runs a software consultancy. Kevin once accidentally left Waiting for Godot at the intermission.

11:25am–12:05pm Wednesday, June 13, 2018
Location: LL21 E/F Level: Intermediate
Secondary topics: Systems Architecture & Infrastructure
Scott Wimer (Smartsheet)
Scott Wimer explains how to support the GDPR’s Right to be Forgotten through targeted, secure data destruction. Read more.
1:15pm–1:55pm Wednesday, June 13, 2018
Location: LL21 E/F Level: Beginner
Secondary topics: Systems Architecture & Infrastructure
Neal Mueller (Google)
Average rating: ****.
(4.50, 2 ratings)
Google conducted the first longitudinal study of the underground ecosystem fueling credential theft and identified 12.4 million potential victims of phishing kits. Neal Mueller discusses this data and shares phishing demos and recommendations about the effectiveness of phishing prevention tools, including education, antivirus software, filtering, 2FA, password managers, and security keys. Read more.
2:10pm–2:50pm Wednesday, June 13, 2018
Location: LL21 E/F Level: Non-technical
Secondary topics: Resilient, Performant & Secure Distributed Systems
Serena Chen (BNZ Digital)
Average rating: *****
(5.00, 4 ratings)
What insights do we gain if we apply user experience design to information security? Serena Chen shares four strategies that apply design thinking to security problems, pinpointing which practices work and which are detrimental. Serena then walks you through some common flows and dissects how design decisions affect your personal security. Read more.
3:40pm–4:20pm Wednesday, June 13, 2018
Location: LL21 E/F Level: Intermediate
Secondary topics: Resilient, Performant & Secure Distributed Systems
Luis Colon (Amazon Web Services)
Average rating: ****.
(4.25, 4 ratings)
Many fundamental security practices and controls apply to serverless applications, including implementing proper monitoring and logging of all requests and events. Luis Eduardo Colon explores recommendations published by the Center for Internet Security (CIS), explains how to automate the deployment of some of these controls, and outlines considerations relevant to serverless functions. Read more.
4:35pm–5:15pm Wednesday, June 13, 2018
Location: LL21 E/F Level: Advanced
Secondary topics: Distributed State
John Miller (Fauna)
Average rating: *....
(1.33, 3 ratings)
The complexity of distributed databases makes building tools for their declarative automation a daunting engineering challenge. Drawing from his experience of developing multiple configuration automation systems for databases, John Miller explores patterns that generally apply to building declarative management tooling for distributed stateful systems. Read more.