Mark Nunnikhoven Profile picture
Security @Amazon. Focused on helping everyone better understand security & privacy 🐘: @marknca@infosec.exchange 🧑‍💻: Tweets my own

Aug 24, 2021, 34 tweets

Eric Brandwine up now at @awscloud #reinforce

he’s talking about building a culture of #security

scale quickly became a problem in building the #security organization at AWS

@awscloud #reinforce

Eric realized they couldn’t scale up the team to the size of AWS, it just wasn’t possible

they had to figure out a way to help the organization build the #security culture itself

@awscloud #reinforce

effectively tenets are rules for a culture. hard to write them down but they are critical

@awscloud #reinforce

“Our tenets…unless you know better ones” << love this

@awscloud #reinforce

#security cultural tenets are published internally at AWS. they have to be transparent and open, so people know what the team values

@awscloud #reinforce

1st #security tenet of AWS:

“We lead in preventing unauthorized access to AWS resources: our customers’ or ours. We continuously assess our systems, identify exposures, evaluate risks, and relentlessly drive mitigations.”

@awscloud #reinforce

2nd #security tenet of AWS:

“We constantly provide visibility to senior leadership into the biggest potential risks, backed up with data and carefully prioritized.”

@awscloud #reinforce

key quote, “#security at AWS is a DATA DRIVEN discipline”, Eric Brandwine

@awscloud #reinforce

3rd #security tenet of AWS:

“We escalate appropriately yet aggressively to ensure that security issues are resolved promptly and with high judgement. If in doubt, we will escalate.”

@awscloud #reinforce

“Make high velocity, high quality decisions” << love it

@awscloud #reinforce

“Escalation within the AWS security organization is free” << Eric Brandwine points out the need to make it a comfortable action to escalate appropriately

@awscloud #reinforce

inappropriate escalations => feedback that training, tooling, and data should be improved

@awscloud #reinforce

4th tenet of AWS #security culture:

“We are guardians of customer privacy and trust. We advocate for our customers in all security engagements.”

@awscloud #reinforce

side note: Eric is crushing this talk

(as expected)

@awscloud #reinforce

“Is now the time to speak up for our customers?”, the answer is always “Yes” << you need to build a culture where that is encouraged and widely accepted

@awscloud #reinforce

5th tenet of @awscloud #security:

“We own security for all of AWS, including 3rd party & oss. We take nothing as a given & extensively test all of our components, even those built by other parts of the co. If something doesn’t work for us, we will move off of it”

#reinforce

btw, here’s another great talk from Eric, Leadership Session: Aspirational Security … from #reinforce 2019



@awscloud #reinforce

…and this great interview with @werner, “15 years of Amazon S3 - Security is Job Zero”,

@awscloud #reinforce

…and this one from re:Invent 2018, “The Tension Between Absolutes & Ambiguity in Security”,

@awscloud #reinforce

…always frustrating when I can’t find someone’s twitter handle. Eric is at @ebrandwine…which let’s admit is pretty obscure and hard to figure out 🤣

@awscloud #reinforce

6th tenet of AWS #security:

“We are the one-stop shop for all security questions within AWS. In cases where we don’t own the answer, we own getting the question answered.”

@awscloud #reinforce

this tenet helps avoid ticket “ping pong” << 💯

@awscloud #reinforce

this tenet also demonstrates a choice made for the betterment of the org. it’s not optimal for the security team but is optimal for the organization overall

@awscloud #reinforce

7th tenet of @awscloud:

“We drive our work to focus on the most critical security risks for the business. They will be prioritized 1st for the biz & then for the service teams. We will ensure each expectation is well understood, actionable, & supported by appropriate tooling”

“At our scale, you have to panic strategically”, @ebrandwine

@awscloud #reinforce

some other team’s tenets...

@awscloud #reinforce

2 of the @awscloud crypto team’s tenets 👇

@awscloud #reinforce

these tenets (and others) help the team focus. when they are internalized by everyone on the team, they are part of the discussion and help everyone work together to meet their goals...

@awscloud #reinforce

some @awscloud S3 tenets 👇

@awscloud #reinforce

also of note to event organizers: speakers should always control their own slides

@awscloud #reinforce

all of the current AWS #security tenets on a single slide 👇

@awscloud #reinforce

another amazing talk by @ebrandwine…definitely check it out on the replay on YouTube…hopefully…soon?

@awscloud #reinforce

next up is IAM with Karen Haberkorn…new thread 👇

@awscloud #reinforce
