AWS Re:inforce Boston 2019— AWS Security Conference: Recap (What they didn’t tell you on stage)

Recap from Amazon Web Services ( AWS )’s first security conference in Boston — AWS re:inforce 2019 #reinforce

Amazon Web Services (AWS) are the largest Cloud provider service in the world period. I won’t need to explain anything more about them, so you can imagine when they announce their first AWS Security conference, it was going to be big.

The conference was everything you can imagine a security conference to have — Security product booths, SWAGs, Food, magicians, unicycle artists, vintage game booths, metal detectors, sniffer dogs (this is Boston after all :)). The conference would have had about 12,000 attendees from about 50 countries being represented over 2 days of talks, workshops, bootcamps, security jams and capture the flags. Amazing opportunity to learn from others and share stories and share meal/margaritas with some to make life-long friends.

The conference was kicked off by a Keynote from Steve Schmidt, the CISO of AWS. I will only go into major annoucements from the keynote and the fine print they excluded from the talk. <insert devil’s advocate emoji>

All these annoucements will help continue a positive evolution of how everyone architects their products and solutions in AWS. Feel free to listen to the whole keynote on youtube in your own time. Some of the other highlights included success stories of Liberty Mutual Insurance and Capital One that were shared during the keynote. Both the companies have launched their products too Radar by Liberty Mutual Insurance and Critical Stack by Capital One.

My personal take-aways and moments that I will cherish from the 2 day AWS re:inforce conference

  • Steve Schmidt throwing few punches at their competitors in the first few mins of the keynote on the recent region failures the competition experienced compared to minimal outage from AWS.
  • Fun fact shared; 95% of internet web traffic is HTTPS or encrypted but about 90% of Internet of Things (IoT) traffic is HTTP or unencrypted.
  • AWS are noticing the shift to containerisation, serverless and the use of AppMesh to manage security across multiple clusters.
  • Key Takeway from Liberty Insurance section of keynote— Have flexible set of guardrails
  • 2 Key takeaway from the Capital One part of the talk was — “cyber is changing from a trained craft to a science based profession” & “A multi-layer approach to safeguarding data is a hallmark of cloud native companies”
  • Changes in the way folks will do Security Audit, a cloud first company would have APIs which their auditors can consume to know the change in state from the last audit. No one would want auditors with check-list spread sheets.
  • Anomaly detection and machine learning driven security would mean security can use predictive intelligence to spend time working on complex problems.
  • Physical security is being affected by technology and algorithms to detect intruders via security video feed and not rely on a human manning the video feed.
  • “DevSecOps” — Like every security professional out there, security should always be there in everything you care about but the term helps get the message across to mostly everyone across the tech landscape.
  • Getting selfies with security peers from around the world. :)

Overall message from all the speakers in the conference was a hope that every conference attendee would hopefully takeaway a “tool, feature or service that helps make you more secure” when they leave the conference after the 2 days.

All the talks from the conference are available online, I would recommend watching the talks related to the following topics

  • VPC Mirroring
  • Serverless Security
  • Container Security
  • Governance and Compliance as Code
  • SOAR (Secure, Operate, Automate, Repeat) for incident response folks

I was privileged enough to attend the conference (Shout out to Versent for the sponsorship). If you have not heard of Versent, you should check us out, we have listed as one of the fastest growing startups in Australia and we have been AWS partner of the year award 3 years in a row, oh yeah we have only in business for 4.5yrs. :)

What was your takeaway from the 2 days of AWS #reinforce 2019?

Help me improve this article by leaving a comment if you see something that I have listed is wrong?

Security expert with a goal to make security an enabler instead of a blocker in the exciting world of cloud and machine learning.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store