Building Secure Systems sessions
Arun Kejariwal
Until recently, Arun Kejariwal was a statistical learning principal at Machine Zone (MZ), where he led a team of top-tier researchers and worked on research and development of novel techniques for install and click fraud detection, for assessing the efficacy of TV campaigns, and for optimizing marketing campaigns. In addition, his team built novel methods for bot detection, intrusion detection, and real-time anomaly detection. Previously, Arun worked at Twitter, where he developed and open-sourced techniques for anomaly detection and breakout detection. His research includes the development of practical and statistically rigorous techniques and methodologies to deliver high performance, availability, and scalability in large-scale distributed clusters. Some of the techniques he helped develop have been presented at international conferences and published in peer-reviewed journals.
9:00am - 5:00pm Monday, June 10 & Tuesday, June 11
Location: Almaden Ballroom 2
Sebastien Deleersnyder teaches you how to use threat modeling to integrate security in the DevOps workflow, introduces threat modeling as code, and shows you how to build a security culture in your organization.
9:00am–12:30pm Tuesday, June 11, 2019
By default, all Kubernetes secrets are base64 encoded and stored as plaintext in etcd. Seth Vargo shares techniques for securing Kubernetes secrets, including encryption, KMS plug-ins, and tools like HashiCorp Vault, and covers the trade-offs of each approach so you can better secure your clusters.
1:30pm–5:00pm Tuesday, June 11, 2019
Christian Saide shows you how to defend your infrastructure against costly DDoS attacks by blacklisting or whitelisting traffic, load-shedding, and analyzing traffic using XDP and eBPF.
11:35am–12:15pm Wednesday, June 12, 2019
Kat Fitzgerald walks you through building and maintaining a secure Kubernetes environment.
1:25pm–2:05pm Wednesday, June 12, 2019
Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown. Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering weaknesses in systems security, and more.
3:50pm–4:30pm Wednesday, June 12, 2019
You may have heard about CVE-2018-1002105, one of the most severe Kubernetes security vulnerabilities of all time. But how does this flaw work? How can it be exploited, and what does it all mean? Ian Coldwater takes a deep dive into the exploit to explain the risks and gives you practical advice about how to protect your clusters.
4:45pm–5:25pm Wednesday, June 12, 2019
As BuzzFeed transitioned to microservices, it needed to secure a growing number of internal tools. BuzzFeed's first solution was an open source auth service deployed in front of each app, but this approach had a number of scaling issues. Shraya Ramani discusses SSO, BuzzFeed's open source, homegrown, centralized solution, which elegantly solved this problem.