
DevSecOps: The Core Curriculum Opening Remarks


My brother, like 15 years ago, asked me what song I would come out to if I were a pro wrestler. There are two. That was one of them. The second one is going to introduce our very first speaker. So hey, everybody, what's up? I'm Liz. I am the co-founder and CEO of StrongDM.

I'm going to start off by telling everybody that today is not going to be "that type" of conference. And by "that type" of conference, I mean one filled with clichés, because they're never going to start. Today, we're not going to talk about some crazy pie-in-the-sky vision like a credential crisis. We're just going to talk shop.

So I would like to take everybody back. We're going to go way back, we're going to go all the way back to 2015. "Uptown Funk" by Mark Ronson is at the top of the charts. Michael Keaton, I do believe, has just made a comeback with Birdman. What else? Obama's president, the FCC is actually hotly debating net neutrality at that point, and Ashley Madison was also hacked that year.

And my last company, which had just been acquired, the acquirer got hacked. What happened was an engineer had spun up a test Mongo database, but it was filled with real data. Nobody knew it existed. And a hacker discovered that it was leaking on a port, good old 27017, got in, and a hundred million records of PII later, the company was investigated by the FTC.

And there were not one but two consent decrees, and it was out of business. So just all shareholder value totally lost. The good news is that out of that totally unintentional but catastrophic incident, StrongDM was born. So what happened was, we actually couldn't wrap our arms around our infrastructure. And so we had no idea who had access to what, and so how secure were we really? I mean, obviously we weren't.

At the same time, we also weren't special; everybody had similar problems. And so we set out to simplify access controls. And we started with a couple of functional, basic questions like: how do I get access today? Am I going through a bastion? Am I exposing any sort of ports to the public Internet? Do I need to get my laptop on the production-specific VPN in order to access Kibana?

And then those questions began to provoke some thoughts. And so we asked some bigger-picture questions, which is: what is the minimum number of credentials that I need in order to get access to privileged systems? Do I even really need the address of something in order to get to it? And is it possible for everything to be both temporary and dynamic? And so StrongDM built a proxy. We started with databases, because that is where the crown jewels are stored. And then we added SSH, and then RDP, because contrary to popular belief, as some of us in the audience might know, Windows is alive and kicking.

A few weeks ago, we released Kubernetes. Today, I think everybody in front of me is an engineer, and everybody speaking for you today on this stage is also an engineer; we should be able to learn from our peers. And so that's why at this conference, you are going to hear a whole bunch of real-world case studies about infrastructure and security problems that teams from companies ranging from startups all the way to huge multinational corporations have attacked and solved.

My hope is that you will ask a lot of questions. There'll be one FinTech panel, and I believe six retrospectives. So before I introduce our first speaker, and stop droning, I would like to say thank you to Hearst and to Blissfully for sponsoring this event today, very much appreciated, and also to our speakers who came in from faraway lands like Boston and LA, and one of us who took the red-eye last night from San Francisco. Thank you. And so without further ado, I am going to introduce our first speaker. This is the other song that I would have walked out to if I were a pro wrestler, but he gets it, and he told me that I could choose it for him today. So you can play out, and may I introduce Mr. Joel Fulton, the CISO of Splunk.
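The incident the speaker describes, a test Mongo database nobody knew about, listening on 27017 and reachable without credentials, comes down to two settings in `mongod.conf`. The following audit script is an added example, not code from the talk or from StrongDM; the two configuration samples are constructed, and the parser only handles the flat `section: / key: value` subset of YAML that `mongod.conf` uses, so it runs without PyYAML. The keys it checks (`net.bindIp`, `net.bindIpAll`, `security.authorization`) are the real MongoDB option names.

```python
"""Audit a mongod.conf for the two settings behind an 'open on 27017' exposure:
binding to every interface and running without authorization.
Added example; both sample configs below are constructed."""

# Constructed sample: a test instance bound to all interfaces, no auth section
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: localhost only, authentication required
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Parse the 'section:\\n  key: value' subset used by mongod.conf into a dict.
    Deliberately minimal so the example needs no PyYAML: no lists, no quoting,
    no nesting deeper than one level."""
    tree, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if indent == 0:
            section = key
            tree[section] = {} if value == "" else value
        else:
            tree.setdefault(section, {})[key] = value
    return tree


def audit_mongod_conf(text):
    """Return a list of findings; an empty list means both checks pass."""
    conf = parse_simple_yaml(text)
    net = conf.get("net") if isinstance(conf.get("net"), dict) else {}
    security = conf.get("security") if isinstance(conf.get("security"), dict) else {}
    findings = []

    # mongod defaults bindIp to localhost; 0.0.0.0 / '::' (or bindIpAll) exposes
    # the port on every interface, which is how a forgotten test DB ends up public.
    bind_ip = net.get("bindIp", "127.0.0.1")
    bound = {b.strip() for b in bind_ip.split(",")}
    if bound & {"0.0.0.0", "::"} or net.get("bindIpAll") == "true":
        findings.append(f"net.bindIp={bind_ip}: listening on all interfaces")

    # Without security.authorization enabled, any client that reaches the port
    # can read every collection without credentials.
    if security.get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': no authentication required")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or "OK")
```

Running it over a real file is a matter of `audit_mongod_conf(open("/etc/mongod.conf").read())`; the point of keeping the two samples side by side is that the weak one is the out-of-the-box shape a test instance tends to have, and neither finding requires anything beyond reading the config.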

Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team needed to find ways to automate more and reduce the maintenance overhead.