remote & #wfh have changed “normal” for organizations, #security needs to adjust (should’ve done that already!) in order to assess risk and properly monitor what’s going on
nice shout out from @StephenSchmidt to the #security community to make sure that we have a clear demarcation between work and home…need it to avoid burnout
“If you’re a ship at sea, you don’t want to be responsible for predicting the weather…you want professionals behind that analysis to help you out”, @StephenSchmidt
don’t try to compete in real-time with attackers. you’re not going to win. set things up ahead of time. lots of automation is the key to strong #security in the @awscloud
btw, a lot of what @StephenSchmidt is talking about around prevention and resiliency is covered in the relatively unknown @awscloud Well-Architected Framework, “Management and Governance Lens”
sidebar: this was one of my favourite customer segments in an @awscloud keynote is a very long time. Brian is a great speaker and his message is exactly where #security needs to be going
I land here. it's not bad though a bit of a pitch, "AWS is the #1 place for you to run containers and 80% of all containers in the cloud run on @awscloud" << but will MINE?!?
…and the challenge of virtual events rears it ugly head. other more pressing matters popped up and I’ve missed what seems like a great talk and discussion on IAM 😔
lots of different legislation out there around data protection and #privacy. combined with a push to the cloud, lots of change in a traditionally slow area of GRC
of course, the execution of this script took a while. about 6 hours. so I ran a couple quick, smaller scale tests and when I had things locked. I ran the script 👆