no one is happy with the abbreviated format but I’m grateful that @awscloud cancelled the in-person event, just not worth it

let’s make the most of this virtual event

…that’s an exciting comment from the CISO of one of the most advanced #security orgs on the planet. lot of possibilities!

#reinforce

in a security conscious environment, texts like this 👆 should set off alarm bells

@awscloud #reinforce

are you educating your teams? do you have guardrails in place to help avoid mistakes?

@awscloud #reinforce

GuardDuty ingests partner threat feeds as well as @awscloud data in order to generate findings

more on those findings at docs.aws.amazon.com/guardduty/late…

#reinforce

GuardDuty customers see a 4-6 week head start with anomalies compared to traditional security threat analysis

@awscloud #reinforce

. @awscloud Security Hub is an actual hub. almost everything sends data to it

turn it on with a single click in your AWS account

more at aws.amazon.com/security-hub/

@awscloud #reinforce

pricing is reasonable. details at aws.amazon.com/security-hub/p…

@awscloud #reinforce

think, “auto remediation”

…also @awscloud Lambda…lots and lots of Lambdas

#reinforce

. @StephenSchmidt’s example around overly permissive permissions is a common issue

use tools like @awscloud IAM Access Analyzer to avoid this one

more at docs.aws.amazon.com/IAM/latest/Use…

@awscloud #reinforce

if you’re new to #ransomware, here’s a quick way to catch up

markn.ca/ransomware

@awscloud #reinforce

#ransomware in @awscloud usually equates to a loss of access to their accounts. resiliency and prevention is critical here

@awscloud #reinforce

I ❤️@StephenSchmidt’s keynotes because he always adds these “do this now” steps that take you 5-10m and deliver rapid #security value TODAY

well done Stephen!

(as usual 😉)

@awscloud #reinforce

btw, a lot of what @StephenSchmidt is talking about around prevention and resiliency is covered in the relatively unknown @awscloud Well-Architected Framework, “Management and Governance Lens”

docs.aws.amazon.com/wellarchitecte…

yes, it sounds super boring but it’s chalk full of gold

more on AWS Backup Audit Manager at aws.amazon.com/blogs/aws/moni…

@awscloud #reinforce

“Making backups is a good FIRST step. Having an automated testing process for restoration is key to making sure things work”, @StephenSchmidt

@awscloud #reinforce

btw, every one of these 👆 issues is the SECURITY TEAM’s problem…not the users

we need to do a lot better at education and building systems with delightful #ux

@awscloud #reinforce

…and if you’re doing things right, the security team includes the teams that are building all of your systems 😉

@awscloud #reinforce

“Free is a solid price point”, @StephenSchmidt

referring to the fact that @awscloud IAM is $0.00

#reinforce

if you want to setup @awscloud IAM “work hours”, you can read about the required policies at docs.aws.amazon.com/IAM/latest/Use…

#reinforce

side note: you should also be following @QuinnyPig’s tweet 💩⛈ too!

@awscloud #reinforce

all of the “access analyzer” features are part of an @awscloud initiative called, “provable security"

learn more about this (trust me, it’s super interesting and cool. lots of math under the hood) at aws.amazon.com/security/prova…

#reinforce

build a culture that is OK with “I don’t need access to that data"

@awscloud #reinforce

“Keep humans away from data”, @StephenSchmidt << excellent advice…make sure you have good systems and automation in place

@awscloud #reinforce

this ties back to the Shared Responsibility Model. almost all of this area of supply chain #security is in @awscloud’s area of the model

@awscloud #reinforce

. @hbomax is deployed globally serving 67 million customers

@awscloud #reinforce

grrr….still dealing with weird geographic licensing though

that has nothing to do with security but is still frustrating to me as a 🤓

🇨🇦

@awscloud #reinforce

“visibility and guardrails” not “controls and limitations”

@awscloud #reinforce

shout out (-ish) for Cloud Custodian. more details on this amazing project at cloudcustodian.io

@awscloud #reinforce

“We should not be fixing the same problem twice”, Brian @hbomax << hell yeah!

@awscloud #reinforce

“If we’re not responding at the speed of a tweet, we’re not delivering for our customers”, Brian Lozada, CISO @hbomax

@awscloud #reinforce

sidebar: this was one of my favourite customer segments in an @awscloud keynote is a very long time. Brian is a great speaker and his message is exactly where #security needs to be going

well done!

@awscloud #reinforce

regardless, it’s a good segue to @awscloud Nitro Enclaves

learn more at aws.amazon.com/ec2/nitro/nitr…

#reinforce

dive deeper into Nitro Enclaves with this talk from @colmmacc from re:Invent 2020



@awscloud #reinforce

more about @awcloud VPC Endpoints: docs.aws.amazon.com/vpc/latest/pri…

#reinforce

1. keep things in your own VPC, use endpoints, etc.

@awscloud #reinforce

more on the tool at aws.amazon.com/well-architect…

@awscloud #reinforce

more on @awscloud’s view of zero trust at aws.amazon.com/security/zero-…

@awscloud #reinforce

here’s a great video from Quint Van Deman @awscloud from re:Invent 2020 on Zero Trust



#reinforce

remember that whole “cybersecurity vs. information security” rant I go on regularly?

👆 contracts is a good example. not a cybersecurity control but an #infosec one

@awscloud #reinforce

more information on GDPR in @awscloud up at aws.amazon.com/compliance/gdp…

#reinforce

…information management is critical to a strong security and data privacy practice…but it’s almost never in place

orgs usually default to a “inside & outside” level of granularity. we need better tooling around classification and management for data

@awscloud #reinforce

given the simplicity of encrypting things in the @awscloud, there’s no reason not to have this as the default for all of YOUR builds

@awscloud #reinforce

I’m glad that @StephenSchmidt makes light of this topic’s “cool” factor. it’s critical but objectively boring

here’s the list of @awscloud compliance attestations: aws.amazon.com/compliance/pro…

#reinforce

🤣🤣🤣

spend some time with the service & become an expert user of it…

@awscloud #reinforce

I laugh, chuckle, and giggle simply because AWS Artifact is essentially a single web page with a bunch of links to download compliance documents

you’ll use it once a year, maybe once a quarter but it lets you get those critical compliance documents

@awscloud #reinforce

ohh, @StephenSchmidt did shout it out!

@awscloud #reinforce

on to the #security competency partners now...

@awscloud #reinforce

list of @awscloud #security competency partners up at aws.amazon.com/security/partn…

#reinforce

2nd shout out for AWS Artifact!

@awscloud #reinforce

remember, if you want to work on your #security skills, the @awscloud Security certification is a great goal to aim for

aws.amazon.com/certification/…

#reinforce

short break and then the next session is up!

@awscloud #reinforce

this is a great time to go back and read @QuinnyPig’s inevitably hilarious thread covering the keynote 👇

@awscloud #reinforce

here’s the launch blog for AWS Backup Audit Manager: aws.amazon.com/blogs/aws/moni…

@awscloud #reinforce

starting a new thread for the next @awscloud #reinforce session. check it out 👇