,
52 tweets,
21 min read
Read on Twitter
Starting soon: the #reInforce keynote with @awscloud CISO Steve Schmidt. Joined by ~12,000 of our closest friends, we're going to see what's new in the world of Cloud Security.
First thing that's new: 12K people apparently care about security.
First thing that's new: 12K people apparently care about security.
Starting with a video of @ajassy speaking at reInvent. He'd have been here in person, but that's not frugal at all. #reInforce
And another snippet of @werner. He'd be here too but he encrypted his username for registration (encrypt everything!) and forgot the passphrase. #reInforce
BREAKING: Steve Schmidt just announced there might be a second #reInforce conference!
"We might talk about when and where it could be later this morning."
"What the ^@$(#! did he just say?!" -- Boston Convention Center Staff
"We might talk about when and where it could be later this morning."
"What the ^@$(#! did he just say?!" -- Boston Convention Center Staff
"I wish I could tell you everything was great, have a nice conference, but there's work to do." #reInforce
Railing against industry FUD. "The sky isn't falling, and that's not the tone we're taking with #reInforce."
"What the #&#$ did he just say?!" --Vendors in the Expo Hall
"What the #&#$ did he just say?!" --Vendors in the Expo Hall
Okay, I'll admit applying Thoreau to cloud computing hadn't occurred to me until this slide. #reInforce
Talking about BCM, DR, and being able to recover within the bounds of a single country. Data residency requirements are a real thing.
If you had "GDPR" on your Keynote Bingo card, good call. #reInforce
If you had "GDPR" on your Keynote Bingo card, good call. #reInforce
"Buildings can fail."
@hpe already working on their "Buildingless" brand strategy for 2020. #reInforce
@hpe already working on their "Buildingless" brand strategy for 2020. #reInforce
He alludes (without naming names) to Azure's "Region" equating to AWS's "Availability Zones."
Now doubling down on it-- "Not even an AZ, a single datacenter!"
This is a very real thing when you realize that fiber's natural predator is the noble backhoe. #reInforce
This is a very real thing when you realize that fiber's natural predator is the noble backhoe. #reInforce
"Take out your phone and google how many a provider of your choice has."
Oracle Cloud's page on AZs and Regions promptly falls over as more than 3 people hit it, tripling high-side load estimates. #reInforce
Oracle Cloud's page on AZs and Regions promptly falls over as more than 3 people hit it, tripling high-side load estimates. #reInforce
Talking about Config's price change.
I have beef with what he's saying. "Most of our customers will halve their Config bill." But a select few will increase, breaking the implicit contract @awscloud has with its customers. That's not a small thing.
#reInforce
I have beef with what he's saying. "Most of our customers will halve their Config bill." But a select few will increase, breaking the implicit contract @awscloud has with its customers. That's not a small thing.
#reInforce
94% of what we see on the internet is encrypted.
Yet somehow @awscloud still releases services that don't speak TLS on day one of launch. Neptune being a recent example. #reInforce
Yet somehow @awscloud still releases services that don't speak TLS on day one of launch. Neptune being a recent example. #reInforce
Now talking about Ground Station. Both of the customers to whom this will apply perk up. #reInforce
Holy shit he just mentioned my talk with Beetle. "Corey Quinn of Last Week in AWS" just made it into an @awscloud keynote.
#reInforce
#reInforce
And @abbyfuller takes the stage!
The best alternative, of course, is pushing someone else into a safety net. #reInforce
The best alternative, of course, is pushing someone else into a safety net. #reInforce
"The point of SLAs is to hold people accountable." --@abbyfuller
YES! If you're depending upon SLA service credits to make you whole, I have some bad news for you. *YOU* own your availability; nobody else. #reInforce
YES! If you're depending upon SLA service credits to make you whole, I have some bad news for you. *YOU* own your availability; nobody else. #reInforce
Abby steps through the various security models of instances, containers, etc. Delving into Nitro. #reInforce
Talking about how Nitro is air-gapped from the user-accessible bits, putting the lie to the very vaguely worded "all cloud providers susceptable to firmware hacks on their metal instances" FUD that was going around a few months back. #reInforce
Wait, she just referenced Dom0 in a Nitro context. I thought that was a Xen construct, whereas the Nitro hypervisor is KVM based? I'm clearly missing something in my understanding; can someone help? #reInforce
It's easy to see @abbyfuller as an incredibly talented public speaker--and completely forget that she's a principal engineer.
They do NOT pass those titles out like candy. Underestimate Abby at your own peril. #reInforce
They do NOT pass those titles out like candy. Underestimate Abby at your own peril. #reInforce
Now Steve returns to talk about Governance.
I work in governance, but if you start talking about Cloud Economics that way it drives people off. #reInforce
I work in governance, but if you start talking about Cloud Economics that way it drives people off. #reInforce
"This is what we're going to be focusing on driving out of business over the next five years."
"Also a bunch of these companies are our sponsor, so thanks to them for that!"
#reInforce
"Also a bunch of these companies are our sponsor, so thanks to them for that!"
#reInforce
"Why talk about company procurement systems, they're boring."
"Without them the AWS Marketplace would be a ghost town." #reInforce
"Without them the AWS Marketplace would be a ghost town." #reInforce
This keynote is moving at a good clip.
And config continues to improve! #reInforce
IAM Access Advisor is awesome. @bjohnso5y took me through it yesterday.
Actual response: "Holy crap you use a *LOT* of AWS services!"
Yes. Yes I do. #reInforce
Actual response: "Holy crap you use a *LOT* of AWS services!"
Yes. Yes I do. #reInforce
Now Brian Riley, the BLARING LOUD INTRO MUSIC at @LibertyMutual takes the stage. #reInforce
Liberty Mutual is based here in Boston.
This is what tech looks like outside of the bay. It's not Twitter for Pets, it's insurance companies. #reInforce
This is what tech looks like outside of the bay. It's not Twitter for Pets, it's insurance companies. #reInforce
"There's no decision we can make today that will still be right a year from now, because the cloud is changing so fast." #reInforce
Oof, AV glitch. "We lost the slides. Sorry, I hacked it." They come back, Brian continues unruffled.
"Responding calmly to the unexpected" is what defines security professionals. #reInforce
"Responding calmly to the unexpected" is what defines security professionals. #reInforce
Most vendors don't understand why Steve just said "No tool will ever be perfect" to paying customers.
This is why most vendors fail to earn trust. #reInforce
This is why most vendors fail to earn trust. #reInforce
Talking about Amazon Macie, the ML-driven service that's named after Princess Macie, whom you will have to kidnap for ransom to pay for it. #reInforce
Talking about resource-based policies that control various permissions.
Unfortunately they're still not framing what the new tooling can do in a way that relatively unsophisticated users can understand them. #reInforce
Unfortunately they're still not framing what the new tooling can do in a way that relatively unsophisticated users can understand them. #reInforce
CapitalOne's speaker is also a great pick. It's hard to get a more credible customer security reference than "a freaking bank." #reInforce
*competing cloud vendor takes notes, books Equifax as marquee reference customer* #reInforce
"CapitalOne is working to change banking for good."
CapitalOne: What's In Your--Wait Who Took My Wallet?! #reInforce
CapitalOne: What's In Your--Wait Who Took My Wallet?! #reInforce
Mentioned Symantec's new thing.
I still remember their buying anything vaguely relevant and ruining it. VMware's doing the former now; the latter is still unwritten. #reInforce
I still remember their buying anything vaguely relevant and ruining it. VMware's doing the former now; the latter is still unwritten. #reInforce
"Compliance and security walk hand-in-hand" for values of 'walk' that extend to what a drunken toddler might do. #reInforce
DISCLAIMER: Don't give alcohol to children, @fakeoraclelarry. I feel I need to be very clear on this point.
DISCLAIMER: Don't give alcohol to children, @fakeoraclelarry. I feel I need to be very clear on this point.
"This is the old way" leads Steve Schmidt. $5 says Machine Learning / modern day serpent grease makes an appearance on the next slide... #reInforce
Surprise, it's SageMaker! What does it solve for your company? No idea, but it absolutely sells a metric ton of storage and compute for large cloud providers.
In this digital gold rush, they're cheerfully selling pickaxes made of GPUs. #reInforce
In this digital gold rush, they're cheerfully selling pickaxes made of GPUs. #reInforce
You can use ML to find anomalies, abberant behavior... pretty much everything except "a business model for ML." #reInforce
"People are using ML successfully to solve problems in the real world" Steve says, stretching both 'successfully' and 'solve' to their definitional breaking points. #reInforce
Every time he uses the phrase "Security Tools" I expect it to be to introduce some shady vendor who bought a speaking slot. #reInforce
"What the hell kind of keynote is this--they're not releasing four new services a minute!"
reInvent breaks expectations in unfortunate ways. Fortunately, here's one: #reinforce
reInvent breaks expectations in unfortunate ways. Fortunately, here's one: #reinforce
"No security story is complete without our partners" interjecting FUD to sell their nonsense.
I may have added the second part. #reInforce
I may have added the second part. #reInforce
"I do not like the term DevSecOps." Applause line right there. #reInforce
When I hear the term I'm convinced you're about to try to sell me something. Badly.
When I hear the term I'm convinced you're about to try to sell me something. Badly.
Hear more at my FinDevSecQAOps conference later this year! #reInforce
Launching a ten city global security roadshow.
#reInforce
Sydney, Tokyo, Tel Aviv, and more.
Next year's re:Inforce is going to be in Texas.
#reInforce
Sydney, Tokyo, Tel Aviv, and more.
Next year's re:Inforce is going to be in Texas.
And that's the keynote! If you've enjoyed my sense of "humor," I'll be giving the Foundations track Valuenote at 3:15 in room 206. See you there... #reInforce
