Look Ma, No Hands! - Decentralizing security for scale

Presented at BSidesSF 2017, Feb. 13, 2017, 4:10 p.m. (30 minutes).

What does your security operations team look like? A bunch of folks sitting in a blue-lit room starting at telemetry data from systems they didn't even design let alone operate? That's what ours looked like too, until we learned that decentralizing most security functions is far more effective than dedicated teams. In order to scale security without the bottleneck of security team headcount, we need to think different. Everyone needs to be a security engineer. In this talk I'll describe some of the organizational changes that have worked for us, as well as show off few internal security tools we've built to put usable security into the hands of developers.

Presenters:

• Chris Dorros
  Chris Dorros spends his days at OpenDNS (Cisco) as a Tech Lead in Security Engineering, where he designs resilient infrastructure supporting over 80 billion DNS requests per day. In a past life Chris worked in security at NASA JPL, CERT/CC, Lockheed Martin, and studied infosec in grad school at Carnegie Mellon.

Links:

• https://bsidessf2017.sched.com/event/9IL8/look-ma-no-hands-decentralizing-security-for-scale

Similar Presentations:

• GrrCON 2014 / Security Hopscotch
• GrrCON 2013 / Security Counterknowledge
• LocoMocoSec 2019 / Security learns to sprint: DevSecOps