Avoiding insidious points of compromise in infrastructure access systems

Presented at BSidesSF 2022 Rescheduled, June 4, 2022, 4 p.m. (25 minutes)

Listen to war stories and learn how to build secure infrastructure access systems! We chat about five classic incidents, FluffyBunny (2001), Operation Aurora (2009), DigiNotar (2011), NotPetya (2017), and SolarWinds (2020), and why they suggest the industry definition of "zero-trust" is basically wrong.


  • Sharon Goldberg - BastionZero
    Sharon Goldberg is the CEO/Co-Founder of BastionZero, a startup that is reimagining the tools that engineers use to secure remote access to infrastructure. She is also a tenured professor in the Computer Science Department at Boston University. Her research focuses on infrastructure security and cryptography. She has contributed to BGP, NTP, DNS, cryptocurrency and cryptography standards, worked extensively with the IETF, and authored over 30 peer-reviewed technical papers.
