ÜberConf - July 17 - 20, 2018 - No Fluff Just Stuff
NFJS2025

Aaron Bedra

ÜberConf

Denver · July 17 - 20, 2018

You are viewing details from a past event
Aaron Bedra

Senior Engineer at DRW

Aaron Bedra is a Senior Engineer at DRW, where he works at the intersection trading and technology. He has served as a Chief Security Officer, Chief Technology Officer, and Principal Engineer/Architect. He has worked professionally on programming languages, most notably Clojure and ClojureScript. Aaron is the creator of Repsheet, an open source threat intelligence toolkit. He is the co-author of Programming Clojure, 2nd and 3rd Edition and a contributor to Functional Programming: A PragPub Anthology.

Presentations

Adaptive Threat Modeling

Security should always be built with an understanding of who might be attacking and how capable they are. Typical threat modeling exercises are done with a static group of threat actors applied in “best guess” scenarios. While this is helpful in the beginning, the real data eventually tells the accurate story. The truth is that your threat landscape is constantly shifting and your threat model should dynamically adapt to it. This adaptation allows teams to continuously examine controls and ensure they are adequate to counter the current threat actors. It helps create a quantitative risk driven approach to security and should be a part of every security teams tools.

Threat Intelligence Fundamentals

This course will cover the foundations of threat intelligence. It will consist of a combination of lecture and lab where we will work through the concepts of detecting indicators of attack and compromise, and building automation to process and eliminate it. This is a fully immersive, hands on workshop that will include a number of techniques, tools, and code.

Secrets Management

We've all got secrets, but nobody seems to know where to put them. This long standing issue has plagued system design for ages and still has many broken implementations. While many consider this an application concern, the foundations rest in the design of the system. Join Aaron for an in-depth workshop that will cover the following secret management solutions:

  • Locally encrypted secrets with Ansible Vault
  • HSM backed local secrets with SOPS
  • AWS Secrets Manager
  • Hashicorp Vault

Additionally, this workshop will demonstrate tools for discovering sensitive information checked in to your project.

Secrets Management

We've all got secrets, but nobody seems to know where to put them. This long standing issue has plagued system design for ages and still has many broken implementations. While many consider this an application concern, the foundations rest in the design of the system. Join Aaron for an in-depth workshop that will cover the following secret management solutions:

  • Locally encrypted secrets with Ansible Vault
  • HSM backed local secrets with SOPS
  • AWS Secrets Manager
  • Hashicorp Vault

Additionally, this workshop will demonstrate tools for discovering sensitive information checked in to your project.