Levelling Up Security @ Riot Games

Presented at BruCON 0x0A (2018), Oct. 3, 2018, 2:30 p.m. (60 minutes)

In this talk, Mark will be discussing his 5+ years at Riot Games where the InfoSec team has developed a security program (https://engineering.riotgames.com/news/evolution-security-riot) based on feedback and self-service, across a truly hybrid infrastructure. Starting with a recap of his 2015 BruCON talk (Feedback Security), Mark will dive into where the team failed and succeeded in the years since the talk.

He will dive into areas such as:

- internal RFCs
- developer education & collaboration on solutions
- receiving feedback when the team don't hit the bar and acting on it
- in-house tools designed and developed to provide visibility into the security posture of AWS
- open-sourcing tools and contributing to other open-source projects

An attendee should:

- see some pretty cool art (not created by Mark, obviously)
- understand where the Riot InfoSec team failed and succeeded
- learn about a self-service, feedback-driven approach to security, where the InfoSec team is embraced, not hated

Disclaimer: There will be no cool exploits, 0days or buffer overloads in this talk.

Presenters:

  • Mark Hillick
    Mark leads Player Security at Riot Games, makers of League of Legends. Prior to moving to the US, Mark built and led Riot’s InfoSec team in Europe. At Riot, he has done everything from building teams, occasional engineering, levelling up the security program, dealing with DDoS attacks and providing a secure cloud for Riot’s developers. Before Riot, Mark worked in the tech and financial industries, passed the GIAC GSE and has contributed to the community through CTFs and as a volunteer incident handler. Outside of InfoSec, Mark spends his spare time in the water or on the slopes, struggling to keep up with his kids.
