Toufeeq Ockards is a software engineer who one day asked Cobus Bernard “How do you do secrets management?”, which led him down the rabbit hole that secrets management is. After drinking some of the ‘Drink Me’ potion, he realized how little he knew about secrets management and information security, and this allowed him to enter the small door.
His part of the talk is to help and guide, through his own journey, those who want to begin with secrets management or gain a better understanding of it.
Talk: # TODO: “Secure(r) Cloud Development”
So everyone has heard that Cloud computing is another term for "not your computers". Despite this fact, we put a lot of trust in the fact that startups don’t have the technical prowess to secure an environment at the level AWS, App Engine or Azure can achieve. Open source software, audits, investors and the community hold these companies accountable, but sometimes we miss one last avenue of defence: the problem between the keyboard and the Cloud. Deploying code, infrastructure, data etc. on cloud systems needs to cover the wild west of the internet. Can you claim that your infrastructure is secure when the developers could introduce vulnerabilities with free rein on Cloud services? Often a startup gets up and running with every developer having admin access to Cloud services, but is this sustainable?
This talk will describe research in this area (such as the implementation by Coinbase), as well as my own experience working at <insert Company here> (focused around AWS) and using free and open source tools to lock down our development workflows. This talk will cover VPNs, pfSense, Cloud services (Google App Engine, AWS, Azure, etc.), CI, etc. This talk is aimed at developers, devops, data scientists, security professionals and any other professional working with or due to work with Cloud services.
This talk will take you through existing tech and tools available now to strengthen your security instead of leaving # TODO everywhere in your security.
Takeaways from this talk:
- Security can equal more freedom to developers
- CI can turn DevOps into DevSecOps
- pfSense is awesome
- VPNs are great, not a pain
- Enable vs disable dev toolset
- Secrets management