Lyft Cartography: Automating Security Visibility and Democratization

Presented at BSidesSF 2019, March 3, 2019, 11 a.m. (30 minutes)

Lyft Security Intelligence team mission is to "Empower the company to make informed and automated security decisions." To achieve our mission, we invested in our cartography capabilities that aim at keeping track of our assets but most importantly, the relationship and interaction between them. The talk provides insight on an intelligence service solution implemented by Lyft Security Intelligence team to tackle knowledge consolidation and improve decision making. Attendees of this session will be introduced to the platform we implemented along with a broad set of scenarios that allow us to burndown security debt, detect assumptions drift, and enable teams to explore their service and environment. Furthermore, Lyft will release the platform to the open source community as part of the conference and provide details on how it can be extended to adapt to each need.

Presenters:

• Sacha Faust - Lyft
  Sacha Faust is the engineering manager for Lyft's Security Intelligence team and previously led the Microsoft Cloud + Enterprise (C+E) Red Team. His mission is to empower organizations to make informed and automated security decisions through democratizing and automating security decision loops. He is a self-taught security enthusiast that started his professional career in 1998, joined Lyft in 2017, and has worked on Office365, Azure, SPIDynamics, and consulting at PwC.

Links:

• https://bsidessf2019.sched.com/event/Jdce/lyft-cartography-automating-security-visibility-and-democratization

Similar Presentations:

• Black Hat USA 2010 / Security is Not a Four Letter Word
• AppSec USA 2015 / Security as Code: A New Frontier
• DerbyCon 3.0 All in the Family (2013) / Operationalizing Security Intelligence in the Enterprise