Menu

Monthly Meeting - March 26, 2018

Continuous Security: Monitoring & Active Defense in the Cloud

Register for Monthly Meeting

Presenters: Eric Johnson

 

Description:

Monitoring and feedback loops from production is a critical tenant in DevOps for measuring performance, runtime errors, statistics, and changes. In the SecDevOps world, security teams can take advantage of DevOps monitoring tools to increase security visibility, identify anomalies, and respond swiftly to real time attacks.

Cloud providers are offering powerful infrastructure, development, and application continuous monitoring services that generate a wealth of data. But, building continuous security monitoring on top of the data can be challenging. Where are the log files? What is the log file format? What security events are captured? How do we display meaningful metrics? Can we detect and defend in real time?

This talk will introduce attendees to a realistic AWS environment’s monitoring and active defense system and discuss real data collected during a war game exercise. Afterwards, we will walk through the postmortem, review the alerts raised during the incident, determine if there were any surprises, and identify opportunities to improve the system. Attendees will walk away with actionable techniques for building an active defense framework to help protect your organization’s cloud resources.

Bios:

Eric Johnson

Eric Johnson is a Principal Security Consultant at Cypress Data Defense where he leads secure software development lifecycle consulting, web and mobile application penetration testing, secure code review assessments, static source code analysis, security research, and security tools development. He also founded the Puma Scan static analysis open source project, which allows software engineers to run security-focused .NET static analysis rules during development and in continuous integration pipelines.

As a Certified Instructor with the SANS Institute, Eric authors application security courses on DevOps, cloud security, secure coding, and defending mobile apps. He serves on the advisory board for the SANS Securing the Human Developer awareness training program, delivers security training around the world, and has presented his security research at conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.

Eric completed a bachelor of science degree in Computer Engineering and a master of science degree in Information Assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.

Where:

FBL Financial
5400 University Ave
West Des Moines, IA 50266

We are meeting in the Farm Bureau auditorium. Park in visitors parking on the NE corner of the building by the flag pole. The guards inside the main doors where you sign in will direct you.

If you can't physically attend, you can use our webcast. Below is the information for connecting.

Monthly ISSA Chapter Meeting

Please join my meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/247310853You can also dial in using your phone. United States +1 (872) 240-3412 Access Code: 247-310-853