My AWS Access Key Nightmares... and Solutions

Presented at Diana Initiative 2020 Virtual, Aug. 21, 2020, 2 p.m. (30 minutes).

As a Security Engineer, a lot of things worry me. Between S3 buckets possibly being open to the public, firewall rules exposing endpoints accidentally, and insecure coding practices, I need to stay on my toes. But those are possible to audit for and address. No, the thing that keeps me up at night is the possibility of someone leaving the keys to our kingdom sitting around somewhere: AWS Access Keys. Journey with me into my nightmare scenarios, and hear me talk about the solutions that allow me to get back to sleep afterwards.


Presenters:

  • Emily Gladstone Cole - Speaker
    Emily is currently a Staff Security Engineer for Agari Data, Inc., and spends a lot of time thinking about the ways that DevOps and Security intersect. Emily has performed critical organizational roles of security research, incident response, product security, devops engineer, system administrator, tech support, security expert, operations specialist, and project lead. Emily specializes in Unix security and is a co-author of a book on Solaris Security for the SANS Institute, and serves as a Mentor for SANS' CyberTalent Immersion Academy for Women. She has spoken about DevOps and Security at DevOpsDays Silicon Valley, multiple Security BSides conferences, the Diana Initiative, Day of Shecurity, and the USENIX LISA conference. She holds GSEC, GCED, GPPA, GCIH and ITIL certifications, and is a Certified Scrum Master.

Links:

Similar Presentations: