© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AUG. 24 – 25, 2021 | HOUSTON, TX

Navigating re:Inforce for Builders

Zainab Maleki

AWS Community Hero

Attendee Guide Description

Coming from a development background, security was not my strong suit. But in recent times, I have found that what I love the most about my job is the ability to be a generalist rather than an expert in one area. Today, I am wearing my web developer hat, tomorrow I may wear my security hat, and in the days and weeks that follow, I may have to wear my DevOps engineer or data engineer hats. Although this is so exciting and it helps me build my skills in a variety of different areas, it also comes with some disadvantages, such as lack of expertise in security compared to that of a specialist security engineer. Luckily for those like me, AWS provides tons of opportunities to overcome these learning gaps, re:Inforce being one of the main ones.

I live in Perth, Australia, and unfortunately the current climate makes it impossible for me to attend re:Inforce in person this year. However, if you are lucky enough to attend or are looking to watch the sessions, below are the ones that I am most excited about.

Zainab Maleki

Senior DevOps Engineer, Mechanical Rock

AWS Community Hero

https://aws.amazon.com/developer/community/heroes/zainab-maleki

Builders

If you are interested in building secure applications, the following sessions are a must for you.

Personalized Session Recommendations

DPP203

Facebook’s secure-by-design approach to supporting AWS applications

Just as approaches like TDD and BDD teach us to put testing at the heart of everything we do, monitoring, observability, and secure design should also never be an afterthought. In this session, Jose Ruiz from Facebook will discuss how they implement their secure-by-design approach using AWS Global auditing and monitoring tools such as Amazon GuardDuty, AWS Config, and Amazon Macie.

BREAKOUT SESSION

DPP205

Demystifying PKI and certificates on AWS

If you are a builder, you have surely come across situations where you had to create, deploy, and manage your own public and private key infrastructure. In this session Todd Cignetti will discuss how this is done using AWS services.

BREAKOUT SESSION

DPP272

Ransomware prevention strategies in Amazon S3

As easy as it is to work with Amazon S3 buckets, there is so much depth when it comes to securing your data in S3. This session is designed to teach you how to take protective measures to secure your data, as well as detective measures and automatic remediation using AWS GuardDuty.

BUILDERS’ SESSION

DPP301

Secrets management best practices

To facilitate communication between different parts of any system, you need to store, maintain, and access secrets. Divya Sridhar from Zoom will take us through best practices of working with AWS Secrets Manager, including fine-grained access control, automatic secret rotation, and secret replication across AWS Regions to satisfy your system security and high availability requirements.

BREAKOUT SESSION

DPP354

Redact data as needed using Amazon S3 Object Lambda

In this workshop Rafael Koike will be showing you how to use serverless lambdas in order to process and transform data in S3 buckets before returning the result to the consuming application. Processing data using AWS Lambda also allows you to implement authorization and object-level access restrictions.

WORKSHOP

GRC371-R1, -R2

PCI DSS compliance for serverless cloud applications

If I were to tell you there is a lab where you get to build a secure payment platform using serverless technologies such as AWS Lambda, Amazon API Gateway, Amazon DynamoDB, and Amazon Cognito, would you ever miss it? I didn’t think so… 😉

BUILDERS’ SESSION

NIS351

Supercharge your web application defenses with AWS WAF

If you develop web applications on AWS, knowing about AWS WAF is one of the essential skills you need to have in your pocket. In this workshop you will learn not only how to protect your web application against common threats, such as SQL injection and cross-site scripting, but also how to analyze your web traffic. You’ll also learn mitigation techniques, such as Bot Control, customized HTTP response, and JSON inspection.

WORKSHOP

DevOps engineers

I highly recommend the sessions below if you are an automation or DevSecOps enthusiast.

GRC302

Automate AWS Config conformance pack deployment with AWS CodePipeline

AWS Config allows you to create security rules, retrieve compliance results from the rules, and perform actions based on the results. This session is designed to go one step beyond those concepts and show you some best practices in order to maintain and test your configurations at scale using Config conformance packs, the AWS Developer Tools, the Rule Development Kit (RDK), and RDKLib.

BREAKOUT SESSION

GRC303

Building secure machine learning environments

I have recently been very interested in the machine learning (ML) domain, and I see heaps of opportunities in that area for DevOps and automation-related work. Since ML workloads are sometimes not so friendly to serverless, it is really important to learn how to build secure and compliant ML environments in an automatic fashion. You will take plenty out of this session if ML is an area of interest for you.

BREAKOUT SESSION

GRC401

Simplify and automate security with compliance as code

In a world where we have tests as code (I made that up), infrastructure as code, and data as code, of course we would have compliance as code, too. That’s at least the world that I wanna live in. In this talk you will learn how to automate and simplify managing compliance for thousands of resources, as well as automated remediations on detected PCI violations.

BREAKOUT SESSION

NIS251-R1, -R2

Build a Zero Trust architecture for service-to-service workloads on AWS

This workshop would be great for getting hands-on experience implementing zero trust architecture on AWS. Attending this workshop will teach you how to take advantage of native service controls with tools such as Amazon API Gateway and Amazon Virtual Private Cloud endpoints in order to integrate network and identity controls. While leveraging AWS services like Amazon GuardDuty, AWS Lambda, and Amazon DynamoDB, you will learn how to improve the overall security posture of your workload.

WORKSHOP

TDR331

Reducing the noise in security findings

In this session Tim Condello and Jigna Gandhi will be illustrating some tips and tricks on how to tune your AWS Security Hub and Amazon GuardDuty findings in order to get the fewest false positives. They will also demonstrate how to centralize and visualize security logs in Amazon Elasticsearch, as well as how to perform investigations with Amazon Detective.

CHALK TALK

Analysts

The sessions below focus on how you can get the best out of your security data by running them against analytics workloads.

DPP251

Data discovery and classification with Amazon Macie

Amazon Macie is an AWS managed security tool that uses machine learning algorithms to discover and protect your sensitive data on AWS. In this workshop, Michael Ingoldby will show you how to scan and classify your data in an S3 bucket using Macie. He will also show you how to create custom data identifiers and classification jobs, and how to filter the results.

WORKSHOP

TDR233-R1, -R2

Become an AWS security log sleuth with Amazon Athena

Have you used AWS CloudTrail before and know the hassle of checking if your API call returned an access-denied error behind the scenes? Integrating your VPC Flow, CloudTrail, and AWS WAF logs with Amazon Athena allows you to run any complex queries in SQL language and see your result instantly. Do yourself a favor and attend this session.

CHALK TALK

NIS332

Visualize Route 53 Resolver DNS Firewall logs with Contributor Insights

Although with Route 53 Resolver DNS Firewall you have access to the VPC traffic logs, you still require a secondary tool to be able to visualize and make sense of the available data. This session will show you how to use Amazon CloudWatch Contributor Insights to analyze the firewall logs and to create meaningful dashboards for your Domain Name System traffic.

CHALK TALK

While I will be missing out on all the fun in Houston myself, I will be keeping my eyes peeled for the recordings that will come out of it.

There are many sessions in this year’s re:Inforce to help us overcome learning gaps, which should hopefully answer all your burning questions and inspire you to try out something you haven’t before.

I hope my selection of the sessions for the analysts, builders, and DevOps engineers helps you pick the right one to attend. Stay safe and enjoy every moment of re:Inforce 2021.

2021 Overview

Overview

What is re:Inforce?

re:Inforce is a cloud security conference designed to help you improve your security awareness and best practices. This year’s event includes two days of technical and business content focused on AWS products and services, a keynote featuring AWS Security leadership, and direct access to experts who can help you expand your knowledge of cloud security, identity, and compliance.

Why attend?

Attending re:Inforce is one of the most effective and efficient ways to learn how you can secure cloud workloads using AWS tools and services.

Learn

AWS Vice President and Chief Information Security Officer Stephen Schmidt takes the stage with industry-leading guest speakers.

Leadership sessions

Keynote

Data Protection & Privacy

Governance, Risk & Compliance

Identity & Access Management

Network & Infrastructure Security

Threat Detection & Incident Response

Security Jams

Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, to help you ramp up your security knowledge. All you need to bring is your desire to learn and a laptop.

AWS and select partners provide environments where you can learn new skills and practice current ones against AWS and game show–style scenarios.

Capture the Flag

Learning opportunities and tracks

Workshops

Workshops are two-hour hands-on sessions where you work in teams to solve problems using AWS Cloud security services.

Breakout sessions

AWS re:Inforce breakout sessions are 60-minute lecture-style presentations.

Chalk talks

A chalk talk is a highly interactive content format with a small audience.

Builders’ sessions

Builders’ sessions are 60-minute small group sessions led by one AWS expert who guides you as you build the service or product on your own laptop.

Tracks

Data Protection & Privacy

Discover how AWS, customers, and partners work together to protect data, with topics covering data management, cryptography, data security, data privacy, and key rotation and storage.

Threat Detection & Incident Response

Learn how AWS, customers, and partners get the visibility they need to improve their security posture, reduce the risk profile of their environments, identify issues before they impact business, and implement incident response best practices.

Governance, Risk & Compliance

Dive deep into why compliance matters to security practitioners, and learn how to automate compliance tools and services for operational use.

Identity & Access Management

Hear from AWS, customers, and partners about different methodologies, services, products, and tools that define, enforce, and audit user permissions across AWS services and resources.

Network & Infrastructure Security

Gain an understanding of the services, tools, and products that AWS, customers, and partners use to protect the usability and integrity of their networks and data and to reduce surface area to manage the security and privacy of their overall infrastructure on AWS.

Thank you!