the @awscloud #security leadership session featuring @mosescj58 is starting now…
What we can learn from customers: Accelerating innovation at AWS Security
#reinvent
What we can learn from customers: Accelerating innovation at AWS Security
#reinvent
“Everyday I get to learn about the problems we can solve for customers, and how we can do that”, @mosescj58
#reinvent
#reinvent
@mosescj58 drawing the parallels between his sport—racing—and #security
- both driven by data
- safety is a key factor for success
#reinvent
- both driven by data
- safety is a key factor for success
#reinvent
more than 90% of all the things @awscloud creates is directly from customers…the other 10% was built on behalf of those customers 😉
#reinvent
#reinvent
@mosescj58 sharing some of his previous roles in law enforcement and the parallels in his role with @AWSSecurityInfo today
both looking for one tiny indicator amid a torrent of data
#reinvent
both looking for one tiny indicator amid a torrent of data
#reinvent
@awscloud has the scale to enable security
pre-AWS @mosescj58 was working with @jeffbarr back in 2007. those conversations kicked off a ton of security work
…which brought CJ to AWS
#reinvent
pre-AWS @mosescj58 was working with @jeffbarr back in 2007. those conversations kicked off a ton of security work
…which brought CJ to AWS
#reinvent
1st challenge: isolate workloads in a data center
…wow, think about that vs. what we heard in Peter DeSantis’ keynote on Monday about @awscloud Lambda function isolation
#reinvent
…wow, think about that vs. what we heard in Peter DeSantis’ keynote on Monday about @awscloud Lambda function isolation
#reinvent
@mosescj58 reminiscing about the scrappy startup days of @AWSSecurityInfo
bean bag chairs => hand me down cube from AOL (!) in a dingy corner…working together as a small team cracking on a deeply interesting & challenging problem
#reinvent
bean bag chairs => hand me down cube from AOL (!) in a dingy corner…working together as a small team cracking on a deeply interesting & challenging problem
#reinvent
experiments lead to virtualizing the network layer. that was what provided the isolation needed
#reinvent
#reinvent
by, the main “home” for @AWSSecurityInfo is aws.amazon.com/security/
…though there’s a ton of info everywhere in the service docs/whitepapers/etc.
#reinvent
…though there’s a ton of info everywhere in the service docs/whitepapers/etc.
#reinvent
that’s a new visual for the shared responsibility model. I think that’s much clearer than the older one w/way too many layers shown
#reinvent
#reinvent
“If you have access or control, you have responsibility”, @mosescj58 << great summary and ‘cheatsheet’ for the @awscloud shared responsibility model
#reinvent
#reinvent
all of the data that @AWSSecurityInfo gathers from their perspective informs new @awscloud services and features
that’s why we’re seeing so many new feature advances in things like Amazon Macie and Amazon GuardDuty
#reinvent
that’s why we’re seeing so many new feature advances in things like Amazon Macie and Amazon GuardDuty
#reinvent
more on @awscloud Macie at aws.amazon.com/macie/
…Amazon GuardDuty at aws.amazon.com/guardduty/
#reinvent
…Amazon GuardDuty at aws.amazon.com/guardduty/
#reinvent
exposed credentials are a continuing challenge. IAM helps reduce the blast radius (good ol’ principle of least privilege) and @awscloud Security Hub helps shine a light on those issues
#reinvent
#reinvent
@mosescj58 calls out—again, and will do again & again—how valuable MFA or multi-factor authentication is
more details at aws.amazon.com/iam/features/m…
remember if you’re onsite, you can pick up a hardware MFA key…and you can always use an MFA app
#reinvent
more details at aws.amazon.com/iam/features/m…
remember if you’re onsite, you can pick up a hardware MFA key…and you can always use an MFA app
#reinvent
details on getting an MFA key onsite 👇
#reinvent
https://twitter.com/AWSSecurityInfo/status/1597263326589120514
#reinvent
@mosescj58 moving into six 🔑 learnings for @AWSSecurityInfo:
1. educate everyone about #security
2. build a security-first culture
3. hire & develop the best
#reinvent
1. educate everyone about #security
2. build a security-first culture
3. hire & develop the best
#reinvent
...continuing the six 🔑 learnings...
4. shift left & automate
5. invest in a dynamic workforce
6. make security the department of “yes, and…”
#reinvent
4. shift left & automate
5. invest in a dynamic workforce
6. make security the department of “yes, and…”
#reinvent
btw, @mosescj58’s voice is toast 🍞, but he’s powering through like a champ
hang in there CJ!
#reinvent
hang in there CJ!
#reinvent
increasing threat continue to drive the shift to the cloud
…this is a data problem. @awscloud Security Lake is designed to help remove barriers in analyzing that data and drawing insights from it
#reinvent
…this is a data problem. @awscloud Security Lake is designed to help remove barriers in analyzing that data and drawing insights from it
#reinvent
more on @awscloud Security Lake in this blog post by @channyun…but you already knew that 😉
aws.amazon.com/blogs/aws/prev…
#reinvent
aws.amazon.com/blogs/aws/prev…
#reinvent
next prediction: we need more #security professionals. broaden your search net. we need more diversity and neurodiversity in our community
more perspectives only make things better
#reinvent
more perspectives only make things better
#reinvent
next prediction: automate everything
why? there’s just too much data that needs protecting…and too much security data that needs to be processed. the only way is automation
#reinvent
why? there’s just too much data that needs protecting…and too much security data that needs to be processed. the only way is automation
#reinvent
the new automated data discovery from Amazon Macie aims to help with this
session SEC209, “Continuous innovation in AWS threat detection & monitoring services” covers this in more depth (on the @AWSEvents YouTube channel soon)
#reinvent
session SEC209, “Continuous innovation in AWS threat detection & monitoring services” covers this in more depth (on the @AWSEvents YouTube channel soon)
#reinvent
another feature that helps here is external key store (XKS) for @awscloud KMS (key management system)
blog post on that is available at aws.amazon.com/blogs/aws/anno…
#reinvent
blog post on that is available at aws.amazon.com/blogs/aws/anno…
#reinvent
this one is massive. @awscloud Verified Permissions
blog post: aws.amazon.com/blogs/security…
product page: aws.amazon.com/verified-permi…
#reinvent
blog post: aws.amazon.com/blogs/security…
product page: aws.amazon.com/verified-permi…
#reinvent
another @AWSSecurityInfo IAM feature: multiple MFA devices for root users and IAM users
blog at aws.amazon.com/blogs/security…
#reinvent
blog at aws.amazon.com/blogs/security…
#reinvent
btw, Verified Permissions is part of the broader “provable security” initiative from @AWSSecurityInfo
tons of great features/services have come from this push
program page is up at aws.amazon.com/security/prova…
#reinvent
tons of great features/services have come from this push
program page is up at aws.amazon.com/security/prova…
#reinvent
@mosescj58 diving into some post-quantum cryptography details. lots of work going on here in the community
blog post: aws.amazon.com/about-aws/what…
#reinvent
blog post: aws.amazon.com/about-aws/what…
#reinvent
@deneendefiore is speaking to the resiliency challenges with technology. every traveller interaction @united crosses a lot of different systems, #security and resiliency are critical at each stage
#reinvent
#reinvent
on automation, @deneendefiore talks about leveraging @AWSSecurityInfo services and automating their own systems to ensure that builders @united are starting from strong, secure-by-default positions
#reinvent
#reinvent
@deneendefiore @AWSSecurityInfo @united on culture: @deneendefiore points out that aviation is already a safety aware culture. it’s an “easy” bridge to #security …when compared to other verticals
that common understanding makes collaboration a lot easier
if you don’t have it, you can build that culture
#reinvent
that common understanding makes collaboration a lot easier
if you don’t have it, you can build that culture
#reinvent
another great call out that everyone can use: find the cultural points in your organization that are already there. use those as #security entry points
@deneendefiore & @united use regular safety briefings that are already in place
❤️👆
#reinvent
@deneendefiore & @united use regular safety briefings that are already in place
❤️👆
#reinvent
@deneendefiore @united @mosescj58 calls out @awscloud's approach with #security learning/education
check out and use their solution at learnsecurity.amazon.com/en/index.html
#reinvent
check out and use their solution at learnsecurity.amazon.com/en/index.html
#reinvent
@deneendefiore @united @mosescj58 @awscloud @deneendefiore's focus for 2023:
- be brilliant at the basics
- advance capabilities as your environment changes (tech/biz/regulatory/etc.)
- enable the business!
#reinvent
- be brilliant at the basics
- advance capabilities as your environment changes (tech/biz/regulatory/etc.)
- enable the business!
#reinvent
@deneendefiore @united @mosescj58 @awscloud on to the challenges around recruiting, developing, and maintaining #security talent...
#reinvent
#reinvent
@deneendefiore is a great example of a lot of #security career path...from anywhere. there's no one path to get into security
if you're hiring, understand that. yes, it's more work, but so, so worth it
#reinvent
if you're hiring, understand that. yes, it's more work, but so, so worth it
#reinvent
@deneendefiore key point from @mosescj58: you can hire a diverse set of ppl, but if you don't have a culture of inclusion...they aren't going to stay or succeed!
#reinvent
#reinvent
@deneendefiore @mosescj58 ...and that's a wrap from the #security leadership session by @mosescj58 at #reinvent 2022!
hopefully, he's now off to get some tea 🍵 for his voice
hopefully, he's now off to get some tea 🍵 for his voice
• • •
Missing some Tweet in this thread? You can try to
force a refresh
