Aug. 24–25, 2021 | Houston, TX
TRANSCRIPT
© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Navigating re:Inforce for Builders
Zainab Maleki
AWS Community Hero
Attendee Guide Description
Coming from a development background, security was not my strong suit. But in
recent times, I have found that what I love the most about my job is the ability to
be a generalist rather than an expert in one area. Today, I am wearing my web
developer hat, tomorrow I may wear my security hat, and in the days and weeks
that follow, I may have to wear my DevOps engineer or data engineer hats.
Although this is so exciting and it helps me build my skills in a variety of different
areas, it also comes with some disadvantages, such as lack of expertise in security
compared to that of a specialist security engineer. Luckily for those like me, AWS
provides tons of opportunities to overcome these learning gaps, re:Inforce being
one of the main ones.
I live in Perth, Australia, and unfortunately the current climate makes it impossible
for me to attend re:Inforce in person this year. However, if you are lucky enough
to attend or are looking to watch the sessions, below are the ones that I am most
excited about.
Zainab Maleki
Senior DevOps Engineer, Mechanical Rock
AWS Community Hero
https://aws.amazon.com/developer/community/heroes/zainab-maleki
Builders
If you are interested in building secure applications, the following sessions are a must for you.
Personalized Session Recommendations
DPP203
Facebook’s secure-by-design approach
to supporting AWS applications
Just as approaches like TDD and BDD teach us
to put testing at the heart of everything we
do; monitoring, observability, and secure
design should also never be an afterthought.
In this session, Jose Ruiz from Facebook will
discuss how they implement their secure-by-
design approach using AWS Global auditing
and monitoring tools such as Amazon
GuardDuty, AWS Config, and Amazon Macie.
BREAKOUT SESSION
DPP205
Demystifying PKI and certificates on
AWS
If you are a builder, you have surely come
across situations where you had to create,
deploy, and manage your own public and
private key infrastructure. In this session Todd
Cignetti will discuss how this is done using
AWS services.
BREAKOUT SESSION
DPP272
Ransomware prevention strategies in
Amazon S3
As easy as it is to work with Amazon S3
buckets, there is so much depth when it
comes to securing your data in S3. This
session is designed to teach you how to take
protective measures to secure your data, as
well as detective measures and automatic
remediation using AWS GuardDuty.
BUILDERS’ SESSION
DPP301
Secrets management best practices
To facilitate communication between
different parts of any system, you need to
store, maintain, and access secrets. Divya
Sridhar from Zoom will take us through best
practices of working with AWS Secrets
Manager, including fine-grained access
control, automatic secret rotation, and secret
replication across AWS Regions to satisfy your
system security and high availability
requirements.
BREAKOUT SESSION
DPP354
Redact data as needed using Amazon
S3 Object Lambda
In this workshop Rafael Koike will be showing
you how to use serverless lambdas in order to
process and transform data in S3 buckets
before returning the result to the consuming
application. Processing data using AWS
Lambda also allows you to implement
authorization and object-level access
restrictions.
WORKSHOP
GRC371-R1, -R2
PCI DSS compliance for serverless cloud
applications
If I were to tell you there is a lab where you
get to build a secure payment platform using
serverless technologies such as AWS Lambda,
Amazon API Gateway, Amazon DynamoDB,
and Amazon Cognito, would you ever miss it?
I didn’t think so… 😉
BUILDERS’ SESSION
NIS351
Supercharge your web application
defenses with AWS WAF
If you develop web applications on AWS,
knowing about AWS WAF is one of the
essential skills you need to have in your
pocket. In this workshop you will learn not
only how to protect your web application
against common threats, such as SQL
injection and cross-site scripting, but also how
to analyze your web traffic. You’ll also learn
mitigation techniques, such as Bot Control,
customized HTTP response, and JSON
inspection.
WORKSHOP
DevOps engineers
I highly recommend the sessions below if you are an automation or DevSecOps enthusiast.
GRC302
Automate AWS Config conformance
pack deployment with AWS
CodePipeline
AWS Config allows you to create security
rules, retrieve compliance results from the
rules, and perform actions based on the
results. This session is designed to go one
step beyond those concepts and show you
some best practices in order to maintain and
test your configurations at scale using Config
conformance packs, the AWS Developer
Tools, the Rule Development Kit (RDK), and
RDKLib.
BREAKOUT SESSION
GRC303
Building secure machine learning
environments
I have recently been very interested in the
machine learning (ML) domain, and I see
heaps of opportunities in that area for
DevOps and automation-related work. Since
ML workloads are sometimes not so friendly
to serverless, it is really important to learn
how to build secure and compliant ML
environments in an automatic fashion. You
will take plenty out of this session if ML is an
area of interest for you.
BREAKOUT SESSION
GRC401
Simplify and automate security with
compliance as code
In a world where we have tests as code (I
made that up), infrastructure as code, and
data as code, of course we would have
compliance as code, too. That’s at least the
world that I wanna live in. In this talk you will
learn how to automate and simplify managing
compliance for thousands of resources, as
well as automated remediations on detected
PCI violations.
BREAKOUT SESSION
NIS251-R1, -R2
Build a Zero Trust architecture for
service-to-service workloads on AWS
This workshop would be great for getting
hands-on experience implementing zero trust
architecture on AWS. Attending this workshop
will teach you how to take advantage of
native service controls with tools such as
Amazon API Gateway and Amazon Virtual
Private Cloud endpoints in order to integrate
network and identity controls. While
leveraging AWS services like Amazon
GuardDuty, AWS Lambda, and Amazon
DynamoDB, you will learn how to improve the
overall security posture of your workload.
WORKSHOP
TDR331
Reducing the noise in security findings
In this session Tim Condello and Jigna Gandhi
will be illustrating some tips and tricks on how
to tune your AWS Security Hub and Amazon
GuardDuty findings in order to get the fewest
false positives. They will also demonstrate
how to centralize and visualize security logs in
Amazon Elasticsearch, as well as how to
perform investigations with Amazon
Detective.
CHALK TALK
Analysts
The sessions below focus on how you can get the best out of your security data by running them against analytics workloads.
DPP251
Data discovery and classification with
Amazon Macie
Amazon Macie is an AWS managed security
tool that uses machine learning
algorithms to discover and protect your
sensitive data on AWS. In this workshop,
Michael Ingoldby will show you how to scan
and classify your data in an S3 bucket using
Macie. He will also show you how to create
custom data identifiers, classification jobs, and
how to filter the results.
WORKSHOP
TDR233-R1, -R2
Become an AWS security log sleuth with
Amazon Athena
Have you used AWS CloudTrail before and
know the hassle of checking if your API call
returned an access-denied error behind the
scenes? Integrating your VPC Flow, CloudTrail,
and AWS WAF logs with Amazon Athena
allows you to run any complex queries in SQL
language and see your result instantly. Do
yourself a favor and attend this session.
CHALK TALK
NIS332
Visualize Route 53 Resolver DNS
Firewall logs with Contributor Insights
Although with Route 53 Resolver DNS Firewall
you have access to the VPC traffic logs, you
still require a secondary tool to be able to
visualize and make sense of the available
data. This session will show you how to use
Amazon CloudWatch Contributor Insights to
analyze the firewall logs and to create
meaningful dashboards for your Domain
Name System traffic.
CHALK TALK
While I will be missing out on all the fun in Houston myself, I will be keeping my eyes peeled for the recordings that will come out of it.
There are many sessions in this year’s re:Inforce to help us overcome learning gaps, which should hopefully answer all your burning questions and inspire you to try out something you haven’t before.
I hope my selection of the sessions for the analysts, builders, and DevOps engineers helps you pick the right one to attend. Stay safe and enjoy every moment of re:Inforce 2021.
2021 Overview
Overview
What is re:Inforce?
re:Inforce is a cloud security conference designed to help you
improve your security awareness and best practices. This year’s event
includes two days of technical and business content focused on AWS
products and services, a keynote featuring AWS Security leadership,
and direct access to experts who can help you expand your
knowledge of cloud security, identity, and compliance.
Why attend?
Attending re:Inforce is one of the most effective and efficient ways to
learn how you can secure cloud workloads using AWS tools and services.
Learn
Keynote
AWS Vice President and Chief Information Security Officer Stephen
Schmidt takes the stage with industry-leading guest speakers.
Leadership sessions
Data Protection & Privacy
Governance, Risk & Compliance
Identity & Access Management
Network & Infrastructure Security
Threat Detection & Incident Response
Security Jams
Our activities are structured to accommodate AWS users of all
levels. We have AWS experts, plus guided exercises, to help you
ramp up your security knowledge. All you need to bring is your
desire to learn and a laptop.
AWS and select partners provide environments where you can
learn new skills and practice current ones against AWS and
game show–style scenarios.
Capture the Flag
Learning opportunities and tracks
Workshops
Workshops are two-hour hands-on sessions where you work in
teams to solve problems using AWS Cloud security services.
Breakout sessions
AWS re:Inforce breakout sessions are 60-minute
lecture-style presentations.
Chalk talks
A chalk talk is a highly interactive content format with
a small audience.
Builders’ sessions
Builders’ sessions are 60-minute small group sessions led
by one AWS expert who guides you as you build the
service or product on your own laptop.
Tracks
Data Protection & Privacy
Discover how AWS, customers,
and partners work together to
protect data, with topics covering
data management, cryptography,
data security, data privacy, and key
rotation and storage.
Threat Detection & Incident Response
Learn how AWS, customers, and partners get the visibility they need to
improve their security posture, reduce the risk profile of their environments,
identify issues before they impact business, and implement incident
response best practices.
Governance, Risk & Compliance
Dive deep into why compliance
matters to security practitioners,
and learn how to automate
compliance tools and services for
operational use.
Identity & Access Management
Hear from AWS, customers, and
partners about different
methodologies, services, products,
and tools that define, enforce, and
audit user permissions across AWS
services and resources.
Network & Infrastructure Security
Gain an understanding of the services,
tools, and products that AWS, customers,
and partners use to protect the usability
and integrity of their networks and data
and to reduce surface area to manage
the security and privacy of their overall
infrastructure on AWS.