Starting soon: the #reInforce keynote with @awscloud CISO Steve Schmidt. Joined by ~12,000 of our closest friends, we're going to see what's new in the world of Cloud Security.

First thing that's new: 12K people apparently care about security.

Starting with a video of @ajassy speaking at reInvent. He'd have been here in person, but that's not frugal at all. #reInforce

And another snippet of @werner. He'd be here too but he encrypted his username for registration (encrypt everything!) and forgot the passphrase. #reInforce

BREAKING: Steve Schmidt just announced there might be a second #reInforce conference!

"We might talk about when and where it could be later this morning."

"What the ^@$(#! did he just say?!" -- Boston Convention Center Staff

"I wish I could tell you everything was great, have a nice conference, but there's work to do." #reInforce

Railing against industry FUD. "The sky isn't falling, and that's not the tone we're taking with #reInforce."

"What the #&#$ did he just say?!" --Vendors in the Expo Hall

Okay, I'll admit applying Thoreau to cloud computing hadn't occurred to me until this slide. #reInforce

Talking about BCM, DR, and being able to recover within the bounds of a single country. Data residency requirements are a real thing.

If you had "GDPR" on your Keynote Bingo card, good call. #reInforce

"Buildings can fail."

@hpe already working on their "Buildingless" brand strategy for 2020. #reInforce

He alludes (without naming names) to Azure's "Region" equating to AWS's "Availability Zones."

Now doubling down on it-- "Not even an AZ, a single datacenter!"

This is a very real thing when you realize that fiber's natural predator is the noble backhoe. #reInforce

"Take out your phone and google how many a provider of your choice has."

Oracle Cloud's page on AZs and Regions promptly falls over as more than 3 people hit it, tripling high-side load estimates. #reInforce

Talking about Config's price change.

I have beef with what he's saying. "Most of our customers will halve their Config bill." But a select few will increase, breaking the implicit contract @awscloud has with its customers. That's not a small thing.

#reInforce

94% of what we see on the internet is encrypted.

Yet somehow @awscloud still releases services that don't speak TLS on day one of launch. Neptune being a recent example. #reInforce

Now talking about Ground Station. Both of the customers to whom this will apply perk up. #reInforce

Holy shit he just mentioned my talk with Beetle. "Corey Quinn of Last Week in AWS" just made it into an @awscloud keynote.

#reInforce

And @abbyfuller takes the stage!

The best alternative, of course, is pushing someone else into a safety net. #reInforce

"The point of SLAs is to hold people accountable." --@abbyfuller

YES! If you're depending upon SLA service credits to make you whole, I have some bad news for you. *YOU* own your availability; nobody else. #reInforce

Abby steps through the various security models of instances, containers, etc. Delving into Nitro. #reInforce

Talking about how Nitro is air-gapped from the user-accessible bits, putting the lie to the very vaguely worded "all cloud providers susceptable to firmware hacks on their metal instances" FUD that was going around a few months back. #reInforce

Wait, she just referenced Dom0 in a Nitro context. I thought that was a Xen construct, whereas the Nitro hypervisor is KVM based? I'm clearly missing something in my understanding; can someone help? #reInforce

It's easy to see @abbyfuller as an incredibly talented public speaker--and completely forget that she's a principal engineer.

They do NOT pass those titles out like candy. Underestimate Abby at your own peril. #reInforce

Now Steve returns to talk about Governance.

I work in governance, but if you start talking about Cloud Economics that way it drives people off. #reInforce

"This is what we're going to be focusing on driving out of business over the next five years."

"Also a bunch of these companies are our sponsor, so thanks to them for that!"

#reInforce

"Why talk about company procurement systems, they're boring."

"Without them the AWS Marketplace would be a ghost town." #reInforce

This keynote is moving at a good clip.

And config continues to improve! #reInforce

IAM Access Advisor is awesome. @bjohnso5y took me through it yesterday.

Actual response: "Holy crap you use a *LOT* of AWS services!"

Yes. Yes I do. #reInforce

Now Brian Riley, the BLARING LOUD INTRO MUSIC at @LibertyMutual takes the stage. #reInforce

Liberty Mutual is based here in Boston.

This is what tech looks like outside of the bay. It's not Twitter for Pets, it's insurance companies. #reInforce

"There's no decision we can make today that will still be right a year from now, because the cloud is changing so fast." #reInforce

Oof, AV glitch. "We lost the slides. Sorry, I hacked it." They come back, Brian continues unruffled.

"Responding calmly to the unexpected" is what defines security professionals. #reInforce

Ooh, @rayadverb (personal humorist inspiration) got quoted! #reInforce

Most vendors don't understand why Steve just said "No tool will ever be perfect" to paying customers.

This is why most vendors fail to earn trust. #reInforce

Talking about Amazon Macie, the ML-driven service that's named after Princess Macie, whom you will have to kidnap for ransom to pay for it. #reInforce

Talking about resource-based policies that control various permissions.

Unfortunately they're still not framing what the new tooling can do in a way that relatively unsophisticated users can understand them. #reInforce

CapitalOne's speaker is also a great pick. It's hard to get a more credible customer security reference than "a freaking bank." #reInforce

*competing cloud vendor takes notes, books Equifax as marquee reference customer* #reInforce

"CapitalOne is working to change banking for good."

CapitalOne: What's In Your--Wait Who Took My Wallet?! #reInforce

Mentioned Symantec's new thing.

I still remember their buying anything vaguely relevant and ruining it. VMware's doing the former now; the latter is still unwritten. #reInforce

"Compliance and security walk hand-in-hand" for values of 'walk' that extend to what a drunken toddler might do. #reInforce

DISCLAIMER: Don't give alcohol to children, @fakeoraclelarry. I feel I need to be very clear on this point.

"This is the old way" leads Steve Schmidt. $5 says Machine Learning / modern day serpent grease makes an appearance on the next slide... #reInforce

Surprise, it's SageMaker! What does it solve for your company? No idea, but it absolutely sells a metric ton of storage and compute for large cloud providers.

In this digital gold rush, they're cheerfully selling pickaxes made of GPUs. #reInforce

You can use ML to find anomalies, abberant behavior... pretty much everything except "a business model for ML." #reInforce

"People are using ML successfully to solve problems in the real world" Steve says, stretching both 'successfully' and 'solve' to their definitional breaking points. #reInforce

Every time he uses the phrase "Security Tools" I expect it to be to introduce some shady vendor who bought a speaking slot. #reInforce

"What the hell kind of keynote is this--they're not releasing four new services a minute!"

reInvent breaks expectations in unfortunate ways. Fortunately, here's one: #reinforce

"No security story is complete without our partners" interjecting FUD to sell their nonsense.

I may have added the second part. #reInforce

"I do not like the term DevSecOps." Applause line right there. #reInforce

When I hear the term I'm convinced you're about to try to sell me something. Badly.

Hear more at my FinDevSecQAOps conference later this year! #reInforce

Launching a ten city global security roadshow.
#reInforce

Sydney, Tokyo, Tel Aviv, and more.

Next year's re:Inforce is going to be in Texas.

And that's the keynote! If you've enjoyed my sense of "humor," I'll be giving the Foundations track Valuenote at 3:15 in room 206. See you there... #reInforce