BTC002-R - [REPEAT] Building Serverless Compliance-as-code Compliance-as-code is the concept of automating the evaluation of recorded configurations against desired configurations, from a security and well-architected perspective. Building Serverless Compliance-as-code is a half-day, advanced-level course designed to teach you how to use, read, and write compliance-as-code to keep an AWS environment secure and optimized. The course will conclude with a hands-on Capture the Flag tournament. The goal is to build innovative compliance-as-code to be made available to millions of AWS customers on the AWS public Github. Bootcamp
BTC002-R1 - [REPEAT 1] Building Serverless Compliance-as-code Compliance-as-code is the concept of automating the evaluation of recorded configurations against desired configurations, from a security and well-architected perspective. Building Serverless Compliance-as-code is a half-day, advanced-level course designed to teach you how to use, read, and write compliance-as-code to keep an AWS environment secure and optimized. The course will conclude with a hands-on Capture the Flag tournament. The goal is to build innovative compliance-as-code to be made available to millions of AWS customers on the AWS public Github. Bootcamp
BTC006 - AWS Certification Exam Readiness: Security - Specialty The AWS Certified Security - Specialty exam validates technical skills and experience in securing and hardening workloads and architectures on the AWS platform. Attendees with two or more years of hands-on experience designing and deploying cloud architecture on AWS should join this half-day, advanced-level course to learn how to prepare and succeed in the exam. We will help you prepare for the exam by exploring the exam’s domain areas and mapping them to specific areas to study. We will review sample exam questions in each domain area, teaching you how to interpret the concepts being tested so that you can better eliminate incorrect responses. Bootcamp
BUF001-R - [REPEAT] Build Your Own Security Chaos Testing on AWS Despite spending more on security, data breaches are continuously getting bigger and more frequent across all industries. In fact, a large portion of data breaches are caused not by sophisticated nation-state actors or hacktivists, but rather simple things rooted in human error and system glitches. We will provide a simplified game day to build security chaos testing, based on the most prominent open source chaos tool, to perform a number of pre-defined “security chaos experiments” on AWS. Attendees will learn what Chaos Engineering is and how to design and implement their own security chaos testing on AWS. Builders Fair
BUF001-R1 - [REPEAT 1] Build Your Own Security Chaos Testing on AWS Despite spending more on security, data breaches are continuously getting bigger and more frequent across all industries. In fact, a large portion of data breaches are caused not by sophisticated nation-state actors or hacktivists, but rather simple things rooted in human error and system glitches. We will provide a simplified game day to build security chaos testing, based on the most prominent open source chaos tool, to perform a number of pre-defined “security chaos experiments” on AWS. Attendees will learn what Chaos Engineering is and how to design and implement their own security chaos testing on AWS. Builders Fair
BUF001-R2 - [REPEAT 2] Build Your Own Security Chaos Testing on AWS Despite spending more on security, data breaches are continuously getting bigger and more frequent across all industries. In fact, a large portion of data breaches are caused not by sophisticated nation-state actors or hacktivists, but rather simple things rooted in human error and system glitches. We will provide a simplified game day to build security chaos testing, based on the most prominent open source chaos tool, to perform a number of pre-defined “security chaos experiments” on AWS. Attendees will learn what Chaos Engineering is and how to design and implement their own security chaos testing on AWS. Builders Fair
BUF002-R - [REPEAT] Security Hub Finding Enrichment Service Quickly understanding the context and clues is critical when successfully responding to a security incident. AWS Security Hub reduces the effort of collecting and prioritizing security findings. In this Builder’s Fair demo, we show finding notifications delivered to an Amazon Chime security chat operations channel with additional context about the target EC2 Instance. Providing log data, network statistics, and vulnerability information accelerates the receiving analyst’s time to resolution. Providing URL links relevant to the incident allows the security analyst to focus on the appropriate next steps. Builders Fair
BUF002-R1 - [REPEAT 1] Security Hub Finding Enrichment Service Quickly understanding the context and clues is critical when successfully responding to a security incident. AWS Security Hub reduces the effort of collecting and prioritizing security findings. In this Builder’s Fair demo, we show finding notifications delivered to an Amazon Chime security chat operations channel with additional context about the target EC2 Instance. Providing log data, network statistics, and vulnerability information accelerates the receiving analyst’s time to resolution. Providing URL links relevant to the incident allows the security analyst to focus on the appropriate next steps. Builders Fair
BUF002-R2 - [REPEAT 2] Security Hub Finding Enrichment Service Quickly understanding the context and clues is critical when successfully responding to a security incident. AWS Security Hub reduces the effort of collecting and prioritizing security findings. In this Builder’s Fair demo, we show finding notifications delivered to an Amazon Chime security chat operations channel with additional context about the target EC2 Instance. Providing log data, network statistics, and vulnerability information accelerates the receiving analyst’s time to resolution. Providing URL links relevant to the incident allows the security analyst to focus on the appropriate next steps. Builders Fair
BUF003-R - [REPEAT] Protecting and Anonymizing PHI/PII data with AWS In this session, we demonstrate how AWS protects and anonymizes personal health information (PHI) and personally identifiable information (PII) data received from medical facilities (e.g., medical clinics, doctor’s offices, and laboratories). We show you how external data sources are legitimate using API Gateway, AWS WAF, and GuardDuty. We protect and anonymize PHI and PII data using Lake Formation, AWS Glue, Amazon Comprehend Medical, and Macie to ensure data privacy, data classification, and regulatory compliance. This demonstration can be shared with healthcare providers, healthcare partners, and the open source community. Builders Fair
BUF003-R1 - [REPEAT 1] Protecting and Anonymizing PHI/PII data with AWS In this session, we demonstrate how AWS protects and anonymizes personal health information (PHI) and personally identifiable information (PII) data received from medical facilities (e.g., medical clinics, doctor’s offices, and laboratories). We show you how external data sources are legitimate using API Gateway, AWS WAF, and GuardDuty. We protect and anonymize PHI and PII data using Lake Formation, AWS Glue, Amazon Comprehend Medical, and Macie to ensure data privacy, data classification, and regulatory compliance. This demonstration can be shared with healthcare providers, healthcare partners, and the open source community. Builders Fair
BUF003-R2 - [REPEAT 2] Protecting and Anonymizing PHI/PII data with AWS In this session, we demonstrate how AWS protects and anonymizes personal health information (PHI) and personally identifiable information (PII) data received from medical facilities (e.g., medical clinics, doctor’s offices, and laboratories). We show you how external data sources are legitimate using API Gateway, AWS WAF, and GuardDuty. We protect and anonymize PHI and PII data using Lake Formation, AWS Glue, Amazon Comprehend Medical, and Macie to ensure data privacy, data classification, and regulatory compliance. This demonstration can be shared with healthcare providers, healthcare partners, and the open source community. Builders Fair
BUF004-R - [REPEAT] Security @ AWS with PPE Detection We can apply AWS security solutions to the manufacturing world and create better physical environments for workers all around the world. This serves health and safety purposes and gives our clients a competitive advantage, since they can minimize administrative processes and reduce the cost of labor indemnity. This demo will demonstrate how a camera can be used to detect Personal Protective Equipment (PPE) in real-time and help to prevent injuries in the workplace. Workers without protective equipment will receive a “You are not safe” audio message, at the same time that their supervisors will be notified via email or SMS. Additionally, this demo will show a QuickSight dashboard with real-time statistics on the number of people and equipment detected. Builders Fair
BUF004-R1 - [REPEAT 1] Security @ AWS with PPE Detection We can apply AWS security solutions to the manufacturing world and create better physical environments for workers all around the world. This serves health and safety purposes and gives our clients a competitive advantage, since they can minimize administrative processes and reduce the cost of labor indemnity. This demo will demonstrate how a camera can be used to detect Personal Protective Equipment (PPE) in real-time and help to prevent injuries in the workplace. Workers without protective equipment will receive a “You are not safe” audio message, at the same time that their supervisors will be notified via email or SMS. Additionally, this demo will show a QuickSight dashboard with real-time statistics on the number of people and equipment detected. Builders Fair
BUF004-R2 - [REPEAT 2] Security @ AWS with PPE Detection We can apply AWS security solutions to the manufacturing world and create better physical environments for workers all around the world. This serves health and safety purposes and gives our clients a competitive advantage, since they can minimize administrative processes and reduce the cost of labor indemnity. This demo will demonstrate how a camera can be used to detect Personal Protective Equipment (PPE) in real-time and help to prevent injuries in the workplace. Workers without protective equipment will receive a “You are not safe” audio message, at the same time that their supervisors will be notified via email or SMS. Additionally, this demo will show a QuickSight dashboard with real-time statistics on the number of people and equipment detected. Builders Fair
BUF005-R - [REPEAT] Detect Social Engineering While It Happens In this session we will show how a potential social engineering attack is detected. As an attendee you can place a call and when you utter certain phrases, the receiver of the call is notified via SMS that they could be under a social engineering attack. The phone number is added to a list and blocked from calling in the future. Builders Fair
BUF005-R1 - [REPEAT 1] Detect Social Engineering While It Happens In this session we will show how a potential social engineering attack is detected. As an attendee you can place a call and when you utter certain phrases, the receiver of the call is notified via SMS that they could be under a social engineering attack. The phone number is added to a list and blocked from calling in the future. Builders Fair
BUF005-R2 - [REPEAT 2] Detect Social Engineering While It Happens In this session we will show how a potential social engineering attack is detected. As an attendee you can place a call and when you utter certain phrases, the receiver of the call is notified via SMS that they could be under a social engineering attack. The phone number is added to a list and blocked from calling in the future. Builders Fair
BUF006-R - [REPEAT] Augmented Face Recognition with Life Detection for User Authentication Traditional authentication mechanisms involving face recognition cannot usually distinguish between real faces and photos. In this project we demonstrate an augmented face recognition mechanism, where we combine traditional visual recognition approaches with an additional test to prevent impersonations using a face photo. Our augmented approach consists of asking the user to read a random word pattern and then contrast the lip movements with the requested pattern, while checking that lip movements come from the same face. This authentication mechanism can be applied for fraud prevention and detection in ATMs, booths and other portable devices (e.g., mobile apps). Builders Fair
BUF006-R1 - [REPEAT 1] Augmented Face Recognition with Life Detection for User Authentication Traditional authentication mechanisms involving face recognition cannot usually distinguish between real faces and photos. In this project we demonstrate an augmented face recognition mechanism, where we combine traditional visual recognition approaches with an additional test to prevent impersonations using a face photo. Our augmented approach consists of asking the user to read a random word pattern and then contrast the lip movements with the requested pattern, while checking that lip movements come from the same face. This authentication mechanism can be applied for fraud prevention and detection in ATMs, booths and other portable devices (e.g., mobile apps). Builders Fair
BUF006-R2 - [REPEAT 2] Augmented Face Recognition with Life Detection for User Authentication Traditional authentication mechanisms involving face recognition cannot usually distinguish between real faces and photos. In this project we demonstrate an augmented face recognition mechanism, where we combine traditional visual recognition approaches with an additional test to prevent impersonations using a face photo. Our augmented approach consists of asking the user to read a random word pattern and then contrast the lip movements with the requested pattern, while checking that lip movements come from the same face. This authentication mechanism can be applied for fraud prevention and detection in ATMs, booths and other portable devices (e.g., mobile apps). Builders Fair
BUF007-R - [REPEAT] WOPR: WAF Operations Play Room The gamified demonstration brings out the complex, time-consuming, error-prone nature of crafting WAF mitigations when your Web Application is under attack. Join the game and see how fast you can mitigate a simulated web application attack. Can you block a brute force attack or bot activity? Step right up and see how quickly you can stop the badness. Builders Fair
BUF007-R1 - [REPEAT 1] WOPR: WAF Operations Play Room The gamified demonstration brings out the complex, time-consuming, error-prone nature of crafting WAF mitigations when your Web Application is under attack. Join the game and see how fast you can mitigate a simulated web application attack. Can you block a brute force attack or bot activity? Step right up and see how quickly you can stop the badness. Builders Fair
BUF007-R2 - [REPEAT 2] WOPR: WAF Operations Play Room The gamified demonstration brings out the complex, time-consuming, error-prone nature of crafting WAF mitigations when your Web Application is under attack. Join the game and see how fast you can mitigate a simulated web application attack. Can you block a brute force attack or bot activity? Step right up and see how quickly you can stop the badness. Builders Fair
BUF008-R - [REPEAT] Securing Alexa skills with 2 Factor Authentication and Alexa for Business With a voice first design strategy, many organizations are building voice-enabled solutions using Alexa. These solutions range from mission-critical operations and reporting company KPIs to increasing worker productivity. Securing Alexa skills is a paramount need and customers are looking for options to secure Alexa Skills. We will demonstrate how to secure Alexa Skills by deploying them as Private Skills (using Alexa for Business) and implementing 2 factor authentication using a 6 Digit Security PIN sent to enrolled Skill users via SMS and by performing Facial Recognition using AWS Rekognition with Amazon Cognito. Builders Fair
BUF008-R1 - [REPEAT 1] Securing Alexa skills with 2 Factor Authentication and Alexa for Business With a voice first design strategy, many organizations are building voice-enabled solutions using Alexa. These solutions range from mission-critical operations and reporting company KPIs to increasing worker productivity. Securing Alexa skills is a paramount need and customers are looking for options to secure Alexa Skills. We will demonstrate how to secure Alexa Skills by deploying them as Private Skills (using Alexa for Business) and implementing 2 factor authentication using a 6 Digit Security PIN sent to enrolled Skill users via SMS and by performing Facial Recognition using AWS Rekognition with Amazon Cognito. Builders Fair
BUF008-R2 - [REPEAT 2] Securing Alexa skills with 2 Factor Authentication and Alexa for Business With a voice first design strategy, many organizations are building voice-enabled solutions using Alexa. These solutions range from mission-critical operations and reporting company KPIs to increasing worker productivity. Securing Alexa skills is a paramount need and customers are looking for options to secure Alexa Skills. We will demonstrate how to secure Alexa Skills by deploying them as Private Skills (using Alexa for Business) and implementing 2 factor authentication using a 6 Digit Security PIN sent to enrolled Skill users via SMS and by performing Facial Recognition using AWS Rekognition with Amazon Cognito. Builders Fair
CTC001 - Cradles to Crayons Join AWS in supporting Cradles to Crayons. The nonprofit provides children from birth through age 12 living in homeless or low-income situations and struggling with Clothing Insecurity with the essential items they need to thrive—at home, at school, and at play. At AWS re:Inforce, we will be working with Cradles to Crayons on a program that provides Hygiene Care Kits to those children between the ages of 10-12 in Massachusetts. Get involved by putting together a Hygiene Care Kit or two on Wednesday, June 26th from 7:00AM-11:00AM: Level 1, North Lobby. General Activity
CTF001-R - [REPEAT] Capture the Flag There are two parts of this event that will run simultaneously: a more traditional jeopardy-style part and a Castle Defense part. The jeopardy-style part will allow participants to work at their own pace through a number of security challenges to identify a specific answer (flag). During the Castle Defense part, participants will get a production workload that they will need to harden and then protect against a number of security events that will occur throughout re:Inforce. The winner will be the top combined score of both parts. Participants can work on both of these parts during breaks, lunch, or even overnight. General Activity
CTF001-R1 - [REPEAT 1] Capture the Flag There are two parts of this event that will run simultaneously: a more traditional jeopardy-style part and a Castle Defense part. The jeopardy-style part will allow participants to work at their own pace through a number of security challenges to identify a specific answer (flag). During the Castle Defense part, participants will get a production workload that they will need to harden and then protect against a number of security events that will occur throughout re:Inforce. The winner will be the top combined score of both parts. Participants can work on both of these parts during breaks, lunch, or even overnight. General Activity
DEM02-R - [REPEAT] Accelerated Threat Detection: Alert Logic and AWS Over the last 7 years, Alert Logic has helped AWS customers achieve enhanced security and peace of mind. Learn how positive security outcomes are attained by combining human expertise and the latest in AWS security in this engaging session with Jack Danahy, SVP of Security at Alert Logic, and Zach Vinduska, VP of IT Infrastructure and Security at ClubCorp. Hear real-world examples of how expert defenders in Alert Logic’s 24/7 Security Operations Center can help you quickly detect threats, verify them as incidents, and support you in responding quickly and effectively. Demo Session Zach Vinduska Jack Danahy
DEM02-R1 - [REPEAT 1] Accelerated threat detection: Alert Logic and AWS Over the last seven years, Alert Logic has helped AWS customers achieve enhanced security and peace of mind. Learn how positive security outcomes are attained by combining human expertise and the latest in AWS security in this engaging session with Jack Danahy, SVP of security at Alert Logic, and Zach Vinduska, VP of IT infrastructure, security, and compliance at ClubCorp. Hear real-world examples of how expert defenders in Alert Logic’s 24/7 security operations center can help you quickly detect threats, verify them as incidents, and respond swiftly and effectively. Demo Session Zach Vinduska Jack Danahy
DEM03-R - [REPEAT] How to Leverage Traffic Analysis to Navigate through Cloudy Skies How do you establish and maintain consistent security and governance across your dynamic AWS environments, with visibility and control of your security posture? Zohar Alon, Head of Cloud Product Line at Check Point and former CEO of Dome9, discusses security best practices as you scale across VPCs, accounts and regions. He covers considerations and recommendations for network, control plane and identities when building your cloud security strategy. Understand how security orchestration and active protection tools secure your cloud journey. Discover new ways to leverage traffic analysis for security intelligence, threat detection and auto-remediation. Demo Session Zohar Alon
DEM03-R1 - [REPEAT 1] How to leverage traffic analysis to navigate through cloudy skies How do you establish and maintain consistent security and governance across your dynamic AWS environments with visibility and control of your security posture? Zohar Alon, head of cloud product line at Check Point and former CEO of Dome9, discusses security best practices for scaling across virtual private clouds (VPCs), accounts, and regions. He covers considerations and recommendations for networks, control planes, and identities when building your cloud security strategy. In this session, learn how security orchestration and active protection tools secure your cloud journey. Discover new ways to leverage traffic analysis for security intelligence, threat detection, and auto-remediation. Demo Session Zohar Alon
DEM04-R - [REPEAT] Best practices for privileged access & secrets management in the cloud In this session, you learn from real-world scenarios related to privileged access security in cloud environments. Experts from TOTVS and CyberArk provide insights from lessons learned while securing commercial SaaS applications, cloud infrastructure, and internal applications deployed in the cloud. Topics covered include privilege and cloud scenarios (e.g., human access models, support for automation, proactive controls, and programmatic deployment), as well as best practices and augmentation of existing security controls for privilege and secrets management on the AWS Cloud. We also cover limited use of root accounts, considerations for human administrator access in the cloud, and success with hybrid cloud environments. Demo Session Brandon Traffanstedt Leandro Soares Costa
DEM04-R1 - [REPEAT 1] Best practices for privileged access & secrets management in the cloud  In this session, you learn from real-world scenarios related to privileged access security in cloud environments. Experts from TOTVS and CyberArk provide insights from lessons learned while securing commercial SaaS applications, cloud infrastructure, and internal applications deployed in the cloud. Topics covered include privilege and cloud scenarios (e.g., human access models, support for automation, proactive controls, and programmatic deployment), as well as best practices and augmentation of existing security controls for privilege and secrets management on the AWS Cloud. We also cover limited use of root accounts, considerations for human administrator access in the cloud, and success with hybrid cloud environments. Demo Session Leandro Soares Costa Brandon Traffanstedt
DEM05-R - [REPEAT] Shifting everywhere: Security and the cloud at 3M in the ’20s The cloud has been a topic of interest and excitement for more than a decade, but many organizations are still trying to figure out how to balance security with the freedom to use the cloud to innovate. Jason Pryor, cloud security engineering manager for 3M, shares how he is approaching cloud security at 3M today and where he believes that cloud security needs to go as we enter a new decade. Come hear how security has to adapt in the cloud era to support new business rules everywhere. Demo Session Jason Pryor
DEM05-R1 - [REPEAT 1] Shifting Everywhere: Security and Cloud at 3M in the ’20s Cloud has been the talk of the town for more than a decade, but many organizations are still trying to figure out how to balance security with the freedom to use the cloud to innovate. Jason Pryor, Cloud Security Engineering Manager for 3M, shares how he is approaching cloud security at 3M today, and where he believes cloud security needs to go as we enter a new decade. Come hear how security has to adapt in the cloud era to support new business rules everywhere. Demo Session Jason Pryor
DEM06 - Making application threat intelligence practical The daily volume of cyberattacks that target applications and the frequency of associated breaches is overwhelming to even the most experienced security professionals. We cover important lessons learned from F5 Labs’ analysis of global attack data and breach root causes that are attributed to application threats. This helps you understand attackers’ top targets and motives and the changing application security landscape of systems used to launch application attacks. Addressing these threats requires practical controls that organizations can be successful with. We offer tips and tricks that you can work on immediately to address common application threats and appropriately prioritize your application security controls. Demo Session Preston Hogue
DEM07 - Integrating network and API security into your application lifecycle In this session, we discuss the contention between traditional network security practices and the agile development processes typically associated with cloud computing. We also introduce new approaches used by Fortinet customers that help cloud teams and security teams share a common language and secure their business more effectively—without introducing additional friction and operational overhead. Demo Session Lior Cohen
DEM10 - Keep That Silver Lining Inside Your Cloud Cloud is here, and AWS is leading the charge in enabling customers to migrate their data centers and data to the cloud. With these changing needs, enterprises need a proactive, automated approach to monitoring and securing the cloud infrastructure. During this session, learn how a major financial institution made a smooth transition to the AWS Cloud and their journey in securing their IaaS infrastructure starting from visibility, protecting their workloads, data, and users, and at the same time staying compliant to PCI-DSS and SOC2. AWS services working in tandem with Symantec solutions make this automation and continuous protection possible. Demo Session Anand Visvanathan
DEM11-R - [REPEAT] Pragmatic container security Containers accelerate development and address the challenges of application packaging and delivery. Thanks to containers, teams can quickly and reliably deploy their applications. But solutions always come with a cost. Containers simplify the developer experience by pushing complexity down into the infrastructure. This shift requires a change in the security approach in order to preserve the advantages that containers bring. In this talk, we use practical examples to understand the security strategy using the AWS shared responsibility model, and we cover tactics that you need to continue accelerating development while meeting your container deployment security goals on AWS. Demo Session Jeff Westphal
DEM11-R1 - [REPEAT 1] Pragmatic Container Security Containers accelerate development. They address the challenge of application packaging and delivery. Thanks to containers, teams can quickly and reliably deploy their applications. But solutions always come with a cost. Containers simplify the developer experience by pushing complexity down into the infrastructure. This shift requires a change in the security approach in order to preserve the advantages containers bring. In this talk, we use practical examples to understand the security strategy, using the AWS Shared Responsibility Model, and cover tactics you need to continue to accelerate development while meeting your container deployment security goals on AWS. Demo Session Jeff Westphal
DEM12-R - [REPEAT] Governance for the Cloud Age In this session, we define cloud governance and explain its role in achieving security, compliance, and architecture best practices. Using real-world case studies from Fortune 100 enterprises, we demonstrate how governance automation is being used to accelerate the migration and ongoing operations of hundreds of enterprise applications, all while increasing visibility and control for the enterprise. Demo Session Nathan Wallace
DEM13 - Modernizing Traditional Security As containers become the commonplace method for delivering and deploying applications, we’ve seen more of our customers taking a “lift-and-shift” approach to migrating their existing applications. In this session, John Morello from Twistlock discusses a non-profit that provides environmental science and engineering oversight to some of the world’s largest civil waterworks projects. This organization relies on a critical 14-year-old app that models storm surge. The move to containers for this application delivered immediate benefits, making it easier to manage vulnerabilities, ensure regulatory compliance, and provide runtime defense. In this session, we break down the security advantages of containers relative to traditional architectures. Demo Session John Morello
DEM14 - Integrating AppSec into Your DevSecOps on AWS DevSecOps is driving the use of security testing throughout the application lifecycle, from initial development to production monitoring. Application security (AppSec) testing is unlike other forms of security in that it directly impacts the daily routines of developers. David Wayland, former developer and current Director of Enterprise Application Security for a Fortune 500 financial institution, discusses securing CI/CD pipelines from his unique development and security team perspective. He reveals best practices gained from his nearly 10 years of running AppSec programs – including one currently migrating to the cloud - that can be used to drive your own DevSecOps success. Demo Session Dave Wayland
DEV01 - Advanced security automation made simple Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review a few advanced security processes and discuss how to easily automate them using common tools in the AWS Cloud. This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to start automating security. Dev Chat Mark Nunnikhoven
DEV02 - How to use AI to make your cloud more secure From bots to robots, intelligence engineering is changing the way we interact with the world around us. Cybersecurity systems that run in cloud environments have the ability to create massive data sets, which can benefit from real-time analysis and action. Learn how artificial intelligence (AI) and machine learning can be leveraged across your enterprise to transform cloud security at scale. Dev Chat Alice Rison
DEV03 - Learn to love the AWS Command Line Interface The AWS Command Line Interface (AWS CLI) allows developers to automate some of the most common tasks. Learn 20 of A Cloud Guru’s favorite commands in just 20 minutes! Dev Chat Ryan Kroonenburg
DEV04 - IoT security: Prevent your devices from becoming attack vectors The Internet of Things (IoT) is enabling new and existing businesses to build better products, provide new services, and improve business outcomes through a more connected world. The same connectivity provides malicious actors with billions of new targets to steal data from, take control of systems from, or otherwise wreak havoc on. In this talk, we discuss key threats to be aware of when building an IoT device or platform. We also cover ways to mitigate the risks. Dev Chat Amir Kashani
DEV05 - Security from a developer perspective Developers often think of security as an external requirement to their work or even as an implementation on top of the systems that they build. In this talk, we review why developers should care about security in their own work, how they should think about risk, and how they can become security champions in their organizations. Dev Chat Ben Kehoe
DEV06 - Tips and best practices for the AWS security specialty certification AWS launched a security certification that allows specialists to demonstrate their skills, which are in high demand. Learn about the major areas of security and the AWS services that you need to know in order to become a security specialist and obtain the AWS certification. Dev Chat Faye Ellis
DEV07 - Dear devs, impress your CISO by building strong from the start With the move to full-stack developers taking on more responsibilities for their infrastructure and applications, having a thorough understanding of security best practices is a critical skill. Join this dev chat to learn the ten biggest issues that are created by poor development practices and how developers can avoid becoming a security threat to their own company. Leave with the know-how to avoid common pitfalls and to ensure that you are strengthening your company’s security. Dev Chat Terren Peterson
DEV08 - Threat hunting in CloudTrail and GuardDuty This dev chat covers how WarnerMedia uses Amazon GuardDuty, AWS CloudTrail, and an in-house inventory tool (Antiope) to root out cloud vulnerabilities, insecure behavior, and potential account compromise activities across a large number of accounts. We cover how WarnerMedia centralizes and automates its security tooling, offer detailed Splunk queries for GuardDuty and CloudTrail, and discuss how Antiope is used for vulnerability hunting. Leave this chat with a strategy and an actionable set of detections for finding potential data breaches and account compromises. Dev Chat Chris Farris
DEV09 - Architecting your cloud with security in mind Learn how you can use the AWS Well-Architected Tool to help you ask the right questions when building an AWS environment with security in mind. In this talk, we review the principles of architecture with a focus on security best practices from the perspective of the AWS WA Tool. Dev Chat Chris Williams
DEV10 - Are you ready for a Cloud pentest? What exactly is an AWS penetration test? This session covers the different aspects of cloud security that a penetration test can address. Do you know your test scope? Do you want an internal scan? An external scan? What about exploitation? Exfiltration? What about devices and software that are accessing your cloud? What about social engineering and phishing? And are you ready for a penetration test? Other options could be more effective at improving cloud security in your organization prior to carrying out a penetration test. Join us to chat about these topics! Dev Chat Teri Radichel
DEV11 - Stop PII leaks in a hybrid cloud environment with AI The business need to protect sensitive data, such as personally identifiable information (PII), on premises and in the cloud cannot be overemphasized. Enterprises must effectively detect and quarantine sensitive data based on their own data classification schemes before that data crosses the perimeter. Join Sri Krishnamacharya from Equifax as he demonstrates the use of Natural Language Toolkit (NLTK) libraries and Amazon Comprehend to consistently read, tag, and classify data based on a proprietary classification scheme, both on premises and in the cloud. Dev Chat Sri Krishnamacharya
DEV12 - Serverless security: Best practices and mitigation strategies There are many inherent security benefits of using serverless, such as the elimination of the need to patch servers or allow direct network access to functions. However, using serverless does introduce additional complexities to how we build, deploy, and secure applications. In this talk, we examine some common attack vectors, introduce several serverless security best practices, and discuss how we can apply those best practices to increase our overall security posture. Dev Chat Jeremy Daly
FND201-R - [REPEAT] AWS Executive Security Simulation In this workshop, senior security management, IT, and business executive teams participate in an experiential exercise that illuminates the key decision points of a successful and secure cloud journey. During the team-based, game-like simulation, participants leverage an industry case study and make strategic decisions and investments around security, risk, and compliance. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. They also learn applicable decision and investment approaches to specific secure cloud adoption journeys. They walk through real-life examples, receive practical advice from AWS facilitators, and they leave with an understanding of the major success factors for building security, risk, and compliance in the cloud. This workshop is designed for executives who are leading a secure cloud journey, including the CISO, senior security and risk management leaders, and CIO/CTO. Non-IT participants who are key to executing the cloud security strategy are also encouraged to attend. Workshop Gili Lev
FND201-R1 - [REPEAT 1] AWS Executive Security Simulation In this workshop, senior security management, IT, and business executive teams participate in an experiential exercise that illuminates the key decision points of a successful and secure cloud journey. During the team-based, game-like simulation, participants leverage an industry case study and make strategic decisions and investments around security, risk, and compliance. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. They also learn applicable decision and investment approaches to specific secure cloud adoption journeys. They walk through real-life examples, receive practical advice from AWS facilitators, and they leave with an understanding of the major success factors for building security, risk, and compliance in the cloud. This workshop is designed for executives who are leading a secure cloud journey, including the CISO, senior security and risk management leaders, and CIO/CTO. Non-IT participants who are key to executing the cloud security strategy are also encouraged to attend. Workshop Gili Lev
FND202-R - [REPEAT] Privacy by design on AWS This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance. Workshop Tomas Clemente Sanchez Jonathan Jenkyn
FND202-R1 - [REPEAT 1] Privacy by design on AWS This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance. Workshop Jonathan Jenkyn Tomas Clemente Sanchez
FND203-R - [REPEAT] Mitigate risk using cloud-native infrastructure security Whether you're migrating existing workloads or creating something new in AWS, it can be tempting to bring your current security solutions with you. In this builder session, we help you identify which cloud-native solutions can mitigate the same risks while providing scalability, reliability, and cost optimization at a low operational burden. Builders Session Cassia Martin
FND203-R1 - [REPEAT 1] Mitigate risk using cloud-native infrastructure security Whether you're migrating existing workloads or creating something new in AWS, it can be tempting to bring your current security solutions with you. In this builder session, we help you identify which cloud-native solutions can mitigate the same risks while providing scalability, reliability, and cost optimization at a low operational burden. Builders Session Cassia Martin
FND204-R - [REPEAT] Sharing services securely across VPCs and accounts In this builder session, we briefly introduce AWS PrivateLink, and then we build an application service that we will securely make available to consumers in a different account using AWS PrivateLink. Attendees also experience using AWS services that support secure access using VPC endpoints. Builders Session Neeraj Verma
FND204-R1 - [REPEAT 1] Sharing services securely across VPCs and accounts In this builder session, we briefly introduce AWS PrivateLink, and then we build an application service that we will securely make available to consumers in a different account using AWS PrivateLink. Attendees also experience using AWS services that support secure access using VPC endpoints. Builders Session Neeraj Verma
FND205-R - [REPEAT] IAM at enterprise scale: Patterns and tradeoffs In order to balance developer productivity and security goals, like the principle of least privilege, AWS recommends that enterprises implement a multi-account strategy using AWS Organizations, AWS Identity and Access Management (IAM) roles, and other related services. However, this presents operational challenges for identity and access management. In this chalk talk, we describe the key building blocks of an enterprise solution using IAM, and we compare four patterns for addressing this challenge: fine-grained, departmental, AWS centric, and native IAM. Chalk Talk Ilya Epshteyn Kenneth Jackson
FND205-R1 - [REPEAT 1] IAM at enterprise scale: Patterns and tradeoffs In order to balance developer productivity and security goals, like the principle of least privilege, AWS recommends that enterprises implement a multi-account strategy using AWS Organizations, AWS Identity and Access Management (IAM) roles, and other related services. However, this presents operational challenges for identity and access management. In this chalk talk, we describe the key building blocks of an enterprise solution using IAM, and we compare four patterns for addressing this challenge: fine-grained, departmental, AWS centric, and native IAM. Chalk Talk Ilya Epshteyn Kenneth Jackson
FND206-R - [REPEAT] Delegating permissions management using IAM permissions boundaries As organizations grow, administrators want to allow trusted employees to configure and manage IAM permissions so their organizations can scale permission management and move workloads to AWS faster. In this session, we introduce permissions boundaries—a powerful tool that controls the maximum permissions an employee can grant—and we demonstrate how to use them to delegate permissions to developers. We also help customers implement a use case for permissions boundaries and help them delegate permissions to their developers. Attendees should know how to create IAM permissions policies, users, and roles. Chalk Talk Sulay Shah Dan Popick
FND206-R1 - [REPEAT 1] Delegating permissions management using IAM permissions boundaries As organizations grow, administrators want to allow trusted employees to configure and manage IAM permissions so their organizations can scale permission management and move workloads to AWS faster. In this session, we introduce permissions boundaries—a powerful tool that controls the maximum permissions an employee can grant—and we demonstrate how to use them to delegate permissions to developers. We also help customers implement a use case for permissions boundaries and help them delegate permissions to their developers. Attendees should know how to create IAM permissions policies, users, and roles. Chalk Talk Dan Popick Sulay Shah
FND207-R - [REPEAT] Building a well-engaged and secure AWS account access management Building a well-managed and secure AWS account access management for enterprise customers and AWS partners is essential for managing a large number of AWS accounts. In this session, we review new features, best practices, and the risks involved when architecting organizational units. We also cover how to build dynamic access structures. Workshop Marcus Fritsche
FND207-R1 - [REPEAT 1] Building a well-engaged and secure AWS account access management Building a well-managed and secure AWS account access management for enterprise customers and AWS partners is essential for managing a large number of AWS accounts. In this session, we review new features, best practices, and the risks involved when architecting organizational units. We also cover how to build dynamic access structures. Workshop Marcus Fritsche
FND208-R - [REPEAT] SOARing in AWS Is your organization struggling to keep up with the current threat landscape? Security operations rely primarily on manually created and maintained document-based procedures, which lead to issues such as long mean time to response, ancestral knowledge, and inconsistencies in executing operational functions. If these are your challenges, then you can use a Security Orchestration, Automation, and Response (SOAR) mechanism within AWS. In traditional environments, this required considerable investment, but on AWS, the same objectives are achieved in a cost-effective manner. This session allows you to explore and dive deep into AWS services that can enable SOAR in your AWS environment. Builders Session Farhan Farooq
FND208-R1 - [REPEAT 1] SOARing in AWS Is your organization struggling to keep up with the current threat landscape? Security operations rely primarily on manually created and maintained document-based procedures, which lead to issues such as long mean time to response, ancestral knowledge, and inconsistencies in executing operational functions. If these are your challenges, then you can use a Security Orchestration, Automation, and Response (SOAR) mechanism within AWS. In traditional environments, this required considerable investment, but on AWS, the same objectives are achieved in a cost-effective manner. This session allows you to explore and dive deep into AWS services that can enable SOAR in your AWS environment. Builders Session Farhan Farooq
FND209-R - [REPEAT] The fundamentals of AWS cloud security The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption. Session Becky Weiss
FND209-R1 - [REPEAT 1] The fundamentals of AWS cloud security The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption. Session Becky Weiss
FND210 - Implementing your landing zone One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach. Session Sam Elmalak
FND211-R - [REPEAT] AWS VPN solutions Many enterprises, on their journey to the cloud, require consistent and highly secure connectivity among their existing data centers, their staff, and AWS environments. In this session, we walk through the different architecture options for establishing this connectivity using AWS Site-to-Site VPN and AWS Client VPN. For each option, we evaluate the considerations and discuss performance, high availability, encryption, and cost. Builders Session Tom Adamski
FND211-R1 - [REPEAT 1] AWS VPN solutions Many enterprises, on their journey to the cloud, require consistent and highly secure connectivity among their existing data centers, their staff, and AWS environments. In this session, we walk through the different architecture options for establishing this connectivity using AWS Site-to-Site VPN and AWS Client VPN. For each option, we evaluate the considerations and discuss performance, high availability, encryption, and cost. Builders Session Kaartik Viswanath
FND212 - Amazon FreeRTOS security best practices Amazon FreeRTOS is an open-source operating system for cloud-connected embedded devices. As customers start working on embedded Internet of Things projects, they ask AWS for security best practices. In this session, we discuss provisioning, device authentication and authorization, secure software updates, and monitoring. Finally, we show these lifecycle considerations in context by demonstrating an over-the-air firmware update to an embedded developer board, highlighting the many security-relevant steps in the workflow. Session Dan Griffin
FND213-R - [REPEAT] Hands-on with AWS Security Hub AWS Security Hub has the ability to ingest security findings from third-party security partners or security findings that organizations generate on their own. Additionally, the custom event feature of Security Hub allows organizations to make the appropriate response to a finding. In this session, get hands-on experience with Security Hub by integrating third-party security findings for your AWS environment, building out your own custom security finding integration, and defining and implementing custom events to respond to the security findings in your AWS environment. Workshop Joshua Hammer Scott Ward
FND213-R1 - [REPEAT 1] Hands-on with AWS Security Hub AWS Security Hub has the ability to ingest security findings from third-party security partners or security findings that organizations generate on their own. Additionally, the custom event feature of Security Hub allows organizations to make the appropriate response to a finding. In this session, get hands-on experience with Security Hub by integrating third-party security findings for your AWS environment, building out your own custom security finding integration, and defining and implementing custom events to respond to the security findings in your AWS environment. Workshop Scott Ward Joshua Hammer
FND214 - An AWS approach to higher standards of assurance with provable security In this session, learn about the AWS provable security initiative, a collection of automated reasoning technologies that help prove the correctness of key security components both in and out of the cloud. Also learn about AWS tools, such as Tiros and Zelkova, that reason with respect to AWS IAM governance and networks, and are setting new standards for how to protect virtualization layers of the cloud. Further, we discuss how these technologies can help customers remain secure both today and in the future. Session Byron Cook
FND215 - Best practices for choosing identity solutions for applications + workloads Identity requirements for consumer-facing applications differ significantly from those for workforce applications and cloud resources. Learn the best practices for choosing the right identity platform on AWS for your consumer-facing applications and for centrally managing access to all your business applications and AWS resources. Come learn about the proper use cases for implementing single sign-on (SSO) and Amazon Cognito, security best practices, and configuration guidance. Session Karen Haberkorn
FND216 - Threat detection on AWS: An introduction to Amazon GuardDuty Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate. Session Ryan Holland
FND217 - It’s in my backlog: The truth behind DevSecOps The term DevSecOps has often been confused with securing DevOps, with security operations, or with using a secure development lifecycle in agile development. When you build security into DevOps and even into agile development, when do practices such as threat modeling, static application security testing, and dynamic application security testing occur? This session explains how sound architecture and implementation is key to providing DevSecOps capability with AWS. A core concept is that cybersecurity requirements are foundational and cannot be placed on a backlog indefinitely while development and operations are actively worked on. Session Shawn Harris Randall Brooks
FND218 - How to act on your security and compliance alerts with AWS Security Hub Learn about AWS Security Hub and how it gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. See how Security Hub aggregates, prioritizes, and helps you act on your alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. Session Ely Kahn Scott Ward Rob Morris Jason Fuller
FND219 - Capital One case study: Addressing compliance and security within AWS Capital One is a leading global financial institution that has reimagined banking. Attend this session to learn how the company is governing and securing mission-critical infrastructure, its AWS environment, and its users and customers by building an integrated identity governance program that secures the organization and enables its workforce. Capital One shares its successes and lessons learned while building its identity strategy, and it covers what the company recommends that you consider when building or expanding your identity program. Learn how Capital One secures the wallet that it refers to when asking, “What’s in your wallet?” Session Jing Zhu Kevin Bumgarner
FND220-R - [REPEAT] Best practices for proactive security testing One of the core tenets of DevSecOps and the world of application security is to build security right from design and test as early as possible. This reduces the cost of remediating vulnerabilities in production. In this session, we walk you through how to build a threat model and drive security implementation and proactive security testing including attacker scenarios for penetration testing/red teaming exercises. Builders Session Reef Dsouza
FND220-R1 - [REPEAT 1] Best practices for proactive security testing One of the core tenets of DevSecOps and the world of application security is to build security right from design and test as early as possible. This reduces the cost of remediating vulnerabilities in production. In this session, we walk you through how to build a threat model and drive security implementation and proactive security testing including attacker scenarios for penetration testing/red teaming exercises. Builders Session Kevin Higgins
FND221 - Implement access control to data in AWS services using KMS AWS Key Management Service (KMS) gives you centralized control over the encryption keys used to protect your data. In this builders session, we demonstrate how to create key policies to limit access to encrypted data. Learn how to create encryption keys in AWS KMS and how to implement key policies using conditions. We also show you how to use Amazon CloudWatch to alarm on your encryption key usage. Builders Session Raj Copparapu
FND222-R - [REPEAT] Modernizing security architecture for the cloud This session shows security professionals how to move to the cloud in a way that is similar to traditional security architecture, with demilitarized zones, inbound and outbound proxies, and more. We show architecture patterns on AWS that can help you migrate to AWS products and services. This is important for those with traditional backgrounds who are uncomfortable with how to meet security policies on AWS. Leave with an understanding of security architecture patterns that you can use to design a secure AWS environment at your company. Services covered include Amazon VPC, AWS PrivateLink, AWS WAF, CloudFront, Elastic Load Balancing, Amazon EC2, and GuardDuty. Builders Session Stephen Quigg
FND222-R1 - [REPEAT 1] Modernizing security architecture for the cloud This session shows security professionals how to move to the cloud in a way that is similar to traditional security architecture, with demilitarized zones, inbound and outbound proxies, and more. We show architecture patterns on AWS that can help you migrate to AWS products and services. This is important for those with traditional backgrounds who are uncomfortable with how to meet security policies on AWS. Leave with an understanding of security architecture patterns that you can use to design a secure AWS environment at your company. Services covered include Amazon VPC, AWS PrivateLink, AWS WAF, CloudFront, Elastic Load Balancing, Amazon EC2, and GuardDuty. Builders Session Stephen Quigg
FND223-R - [REPEAT] Security cartography: Assembling the building blocks needed for cloud security In this chalk talk, we describe the key building blocks of a comprehensive cloud security strategy. We also walk you through the process of building a security baseline using the AWS Cloud Adoption Framework Security Perspective, security cartography techniques, and the Center for Internet Security (CIS) framework. Attending this chalk talk helps you build the confidence and security capabilities necessary to move increasingly sensitive workloads to AWS. Chalk Talk Steven Laino
FND301-R - [REPEAT] Build end-to-end IT lifecycle management on AWS In this workshop, cloud architects, Cloud Center of Excellence (CCOE) team members, and IT managers learn how to launch and operate governed cloud workloads on AWS by leveraging AWS management tools. They extend a sample catalog containing Amazon EC2, Amazon S3, and so on, and enable catalog users to only manage the resources they create. They then perform the IT service management process integration using ServiceNow as an example solution. For this hands-on session, you are required to bring your own laptop and an AWS account. Workshop MaSonya Scott Sagar Khasnis
FND301-R1 - [REPEAT 1] Build end-to-end IT lifecycle management on AWS In this workshop, cloud architects, Cloud Center of Excellence (CCOE) team members, and IT managers learn how to launch and operate governed cloud workloads on AWS by leveraging AWS management tools. They extend a sample catalog containing Amazon EC2, Amazon S3, and so on, and enable catalog users to only manage the resources they create. They then perform the IT service management process integration using ServiceNow as an example solution. This hands-on session requires each participant to bring a laptop to the workshop. Workshop Sagar Khasnis MaSonya Scott
FND302 - Data encryption concepts in AWS In this hands-on workshop, we use the AWS Cloud9 IDE to learn about data encryption services, such as AWS Key Management Service (KMS) and AWS Certificate Manager (ACM). We also explore various aspects of AWS KMS and AWS ACM private certificate authority. Workshop Ram Ramani
FND304-R - [REPEAT] Implementing authentication for your serverless workloads Serverless applications can reduce operational overhead, allowing you to focus on the innovation and security of your application. One way to add security to Amazon S3 is with Amazon S3 Block Public Access and CloudFront origin access identities. Amazon Cognito can provide additional security with user sign-up, sign-in, and access control. In this talk, we show and discuss the advantages of using CloudFront, Amazon S3, Amazon Cognito, and IAM to create a secure, serverless application. If you want to learn more about S3 security and about integrating identity into your application with Amazon Cognito, this talk is for you. Chalk Talk James Meyer
FND304-R1 - [REPEAT 1] Implementing authentication for your serverless workloads Serverless applications can reduce operational overhead, allowing you to focus on the innovation and security of your application. One way to add security to Amazon S3 is with Amazon S3 Block Public Access and CloudFront origin access identities. Amazon Cognito can provide additional security with user sign-up, sign-in, and access control. In this talk, we show and discuss the advantages of using CloudFront, Amazon S3, Amazon Cognito, and IAM to create a secure, serverless application. If you want to learn more about S3 security and about integrating identity into your application with Amazon Cognito, this talk is for you. Chalk Talk James Meyer
FND305-R - [REPEAT] Supercharging your workload defenses with AWS WAF, Amazon Inspector, and AWS Systems Manager Your mission in this builder session is to use AWS WAF, Amazon Inspector, and AWS Systems Manager to build an effective set of controls around your AWS workloads. Learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and cross-site scripting. Additionally, learn how to use Amazon Inspector and Systems Manager to automate security assessments and operational tasks, such as patching and configuration management, across your Amazon EC2 fleet. You need a laptop, an active AWS account, an AWS IAM administrator, and familiarity with core AWS services. Builders Session Jeff Levine
FND305-R1 - [REPEAT 1] Supercharging your workload defenses with AWS WAF, Amazon Inspector, and AWS Systems Manager Your mission in this builder session is to use AWS WAF, Amazon Inspector, and AWS Systems Manager to build an effective set of controls around your AWS workloads. Learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and cross-site scripting. Additionally, learn how to use Amazon Inspector and Systems Manager to automate security assessments and operational tasks, such as patching and configuration management, across your Amazon EC2 fleet. You need a laptop, an active AWS account, an AWS IAM administrator, and familiarity with core AWS services. Builders Session Cameron Worrell
FND306-R - [REPEAT] How to secure your Active Directory deployment on AWS Many enterprises use Active Directory for authentication, server and workstation management, group policy management, and more. It’s also one of the first applications to be deployed on AWS by those building or migrating Windows applications at scale. There are two primary models for running Active Directory on AWS: AWS Managed Microsoft AD and self-managed Active Directory on Amazon EC2. We discuss best practices for securing Active Directory deployment on AWS and the shared responsibility model for running AWS Managed Microsoft AD. We also examine a reference architecture that follows these best practices. Services include AWS Managed Microsoft AD, Amazon EC2, Amazon EBS, Amazon VPC, and AWS KMS. Session Vinod Madabushi
FND306-R1 - [REPEAT 1] How to secure your Active Directory deployment on AWS Many enterprises use Active Directory for authentication, server and workstation management, group policy management, and more. It’s also one of the first applications to be deployed on AWS by those building or migrating Windows applications at scale. There are two primary models for running Active Directory on AWS: AWS Managed Microsoft AD and self-managed Active Directory on Amazon EC2. We discuss best practices for securing Active Directory deployment on AWS and the shared responsibility model for running AWS Managed Microsoft AD. We also examine a reference architecture that follows these best practices. Services include AWS Managed Microsoft AD, Amazon EC2, Amazon EBS, Amazon VPC, and AWS KMS. Session Vinod Madabushi
FND307-R - [REPEAT] Securing your workloads in the cloud: Best practices using AWS Well-Architected Framework Security best practices help you secure your workloads in the cloud to meet organizational, legal, and compliance requirements. This chalk talk guides you through core security best practices aligned with the AWS Well-Architected Framework. This session discusses how to secure an Amazon EC2-based web application covering identity and access management, detective controls, infrastructure protection, data protection, and incident response. Chalk Talk Ben Potter
FND307-R1 - [REPEAT 1] Securing your workloads in the cloud: Best practices using AWS Well-Architected Framework Security best practices help you secure your workloads in the cloud to meet organizational, legal, and compliance requirements. This chalk talk guides you through core security best practices aligned with the AWS Well-Architected Framework. This session discusses how to secure an Amazon EC2-based web application covering identity and access management, detective controls, infrastructure protection, data protection, and incident response. Chalk Talk Ben Potter
FND308-R - [REPEAT] Managing InfoSec risk during cloud adoption: The executive view Most enterprises have developed bodies of knowledge about risk governance for on-premises data centers. This knowledge influences information security risk management through objectives, priorities, standards, metrics, processes, and roles. The cloud journey offers new perspectives and opportunities for automation and continuous risk mitigation. Customers recognizing the need for change and implementing proactive, top-down approaches find it easier to manage risk. This session covers methods used in advanced stages of cloud adoption and patterns for risk governance that enterprise customers can use. It touches on the AWS security services portfolio and how some customers use these for maturing risk governance. Builders Session Pablo Salazar
FND308-R1 - [REPEAT 1] Managing InfoSec risk during cloud adoption: The executive view Most enterprises have developed bodies of knowledge about risk governance for on-premises data centers. This knowledge influences information security risk management through objectives, priorities, standards, metrics, processes, and roles. The cloud journey offers new perspectives and opportunities for automation and continuous risk mitigation. Customers recognizing the need for change and implementing proactive, top-down approaches find it easier to manage risk. This session covers methods used in advanced stages of cloud adoption and patterns for risk governance that enterprise customers can use. It touches on the AWS security services portfolio and how some customers use these for maturing risk governance. Builders Session Dave Mcdermitt
FND309 - Policy as code: Automating security management processes with AWS IAM and AWS CloudFormation Security is a critical element for highly regulated industries like healthcare. Infrastructure as code provides several options to automate security controls, whether it is implementing rules and guardrails or managing changes to policies in an automated yet auditable way. Learn how 3M implemented a process to automate creation, permission changes, and exception management with IAM policies and AWS CloudFormation, fostering efficient collaborations between security stakeholders across teams. Chalk Talk Luis Colon Dan Blanco James Martin
FND310-R - [REPEAT] How encryption works in AWS: What assurances do you have that unauthorized users won’t access your data? Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe. Session Ken Beer
FND310-R1 - [REPEAT 1] How encryption works in AWS: What assurances do you have that unauthorized users won’t access your data? Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe. Session Ken Beer
FND311 - Don’t be a haven for attackers: Mitigate misconfigurations with AWS Service Catalog and Control Tower Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud. In this session, we focus on how customers are using Service Catalog as a layered defense-in-depth mechanism to mitigate misconfigurations and variability in workload deployments. In addition, we discuss how Control Tower provides guardrails for policy enforcement. These help customers like World Bank enforce security and manage compliance. Session Kaushik Mohanty Darren House Yu Gao
FND312 - Harnessing diversity to solve a people problem Gender diversity is a challenge facing many organizations as they try to offer solutions that work for everyone. Women currently make up less than 24 percent of the Information Security workforce and less than 7 percent of CEOs in Fortune 500 companies. Decades of research prove that inclusive, diverse teams lead to more innovation, better solutions, and improved outcomes for organizations and customers. In this session, Jenny Brinkley (AWS), Teri Radichel (2nd Sight Lab), Patricia Smith (Cox Automotive), Fiona Williams (Deloitte), and Avni Rambhia (AWS) discuss how they’ve used diversity to produce superior outcomes and offer steps that you can take to replicate their successes. Session Michael Wasielewski Jenny Brinkley Avni Rambhia Teri Radichel Patricia Smith Fiona Williams
FND313-L - Leadership session: Foundational security Senior Principal Security Engineer Don "Beetle" Bailey and Corey Quinn from the highly acclaimed "Last Week in AWS" newsletter present best practices, features, and security updates you may have missed in the AWS Cloud. With more than 1,000 service updates per year being released, having expert distillation of what's relevant to your environment can accelerate your adoption of the cloud. As techniques for operationalizing cloud security, compliance, and identity remain a critical business need, this leadership session considers a strategic path forward for all levels of enterprises and users, from beginner to advanced. Session Donald (Beetle) Bailey Rohit Gupta Fitz (Philip Fizsimons) Corey Quinn
FND314 - Managing and governing multi-account AWS environments using AWS Organizations As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On. Session Raymond Ma
FND315 - Porting a traditional workstation with age-old methodology to the cloud Moving a workstation to the cloud doesn’t need to come with all the baggage of the past. This session covers the process of porting a traditional, standalone workstation with age-old methodology to the cloud and shows you some of the capabilities that are possible in the new world. Attendees also learn best practices for conducting Digital Forensics and Incident Response (DFIR) in a bespoke manner that is made possible by absolute visibility. Services covered in this session include AWS Management Console, AWS CLI, Amazon VPC, Amazon EC2, security groups, and Amazon S3. Builders Session Ryan Washington
FND316 - Secure Amazon SageMaker notebooks and training jobs In this session, cloud architects, Cloud Center of Excellence (CCoE) team members, and IT managers learn how to configure, govern, and monitor Amazon SageMaker managed Jupyter notebooks and training jobs with a focus on security. Attendees are provided AWS CloudFormation scripts to create an infrastructure resource such as a VPC, subnets, Amazon S3 endpoints, a NAT gateway, or VPC flow logs. They then configure and launch Amazon SageMaker managed notebooks and training jobs. Finally, they perform tests to validate security objectives and monitor traffic on notebook and training instances. Builders Session Vikrant Kahlir
FND317-R - [REPEAT] How to audit and remediate resource misconfigurations using AWS management tools In this session, you learn about native AWS tools that can help with inventory management and configuration compliance management. Learn how to use management and governance tools such as AWS Config to query the configuration state of your resources, identify resources that are noncompliant with your policies, and remediate those resources using AWS Systems Manager (SSM) automation documents. Builders Session Eryn Sawyer
FND317-R1 - [REPEAT 1] How to audit and remediate resource misconfigurations using AWS management tools In this session, you learn about native AWS tools that can help with inventory management and configuration compliance management. Learn how to use management and governance tools such as AWS Config to query the configuration state of your resources, identify resources that are noncompliant with your policies, and remediate those resources using AWS Systems Manager (SSM) automation documents. Builders Session Eryn Sawyer
FND318-R - [REPEAT] Simplify and secure your overall network architecture at scale For this session, please familiarize yourself with AWS Transit Gateway and how transit gateways work by referring to material on the public AWS Documentation site. In this session, we introduce AWS Transit Gateway and its functionalities, such as routing domains, attachments, and propagation. We offer a hands-on lab for developing an architecture that provides isolation between environments like production, development, and testing. We also discuss and design an outbound virtual private cloud for centralized internet access, outbound URL filtering, and data loss prevention scenarios. We conclude by demonstrating the integration of AWS Direct Connect with AWS Transit Gateway. Builders Session Bhavin Desai
FND318-R1 - [REPEAT 1] Simplify and secure your overall network architecture at scale For this session, please familiarize yourself with AWS Transit Gateway and how transit gateways work by referring to material on the public AWS Documentation site. In this session, we introduce AWS Transit Gateway and its functionalities, such as routing domains, attachments, and propagation. We offer a hands-on lab for developing an architecture that provides isolation between environments like production, development, and testing. We also discuss and design an outbound virtual private cloud for centralized internet access, outbound URL filtering, and data loss prevention scenarios. We conclude by demonstrating the integration of AWS Direct Connect with AWS Transit Gateway. Builders Session Bhavin Desai
FND319-R - [REPEAT] Supercharge Amazon GuardDuty with partners: Operationalizing threat detection and response at scale Amazon GuardDuty can detect a variety of threats related to your AWS account and workloads. However, detection is only the first step! By combining high-fidelity GuardDuty findings with partner products, you can quickly identify, respond to, remediate, and prevent security incidents. In this session, we highlight many of the partner solutions that integrate with GuardDuty and show how they help with identification, response, remediation, and prevention, enabling you to supercharge and centralize your cloud security operations. Builders Session Patrick McDowell
FND319-R1 - [REPEAT 1] Supercharge Amazon GuardDuty with partners: Operationalizing threat detection and response at scale Amazon GuardDuty can detect a variety of threats related to your AWS account and workloads. However, detection is only the first step! By combining high-fidelity GuardDuty findings with partner products, you can quickly identify, respond to, remediate, and prevent security incidents. In this session, we highlight many of the partner solutions that integrate with GuardDuty and show how they help with identification, response, remediation, and prevention, enabling you to supercharge and centralize your cloud security operations. Builders Session Scott Ward
FND321 - Keeping edge computing secure Edge computing is one of the most important enablers of the future. It saves lives, democratizes resources, and reduces costs in scenarios where near real-time action is required. This session covers how to keep edge computing secure. We dive deep into how AWS IoT Greengrass authenticates and encrypts device data for local and cloud communications so that data is never exchanged without proven identity. You can leverage hardware-secured, end-to-end encryption for messages exchanged between devices, an AWS IoT Greengrass core, and the AWS Cloud, and for messages between an AWS IoT Greengrass core and other local devices using the AWS IoT device SDK. Builders Session Neel Mitra
FND322 - How I learned to stop worrying and love the cloud In this session, learn how AWS and Barclays worked together to make the move to the cloud. From hesitancies and concerns to the features, added controls, and compliance affirmations that allayed them, this is a true customer story of a cloud migration journey. Session Ken Beer Oliver Newbury
FND323-R - [REPEAT] Best practices for preventing data exposure In this session, learn how to configure AWS Config, Amazon CloudWatch Events, and AWS Lambda to prevent unauthorized exposure of enterprise data. This session also provides best practices for preventing misconfiguration of resources, including Amazon S3 and other services. Builders Session Aaron Lima
FND323-R1 - [REPEAT 1] Best practices for preventing data exposure In this session, learn how to configure AWS Config, Amazon CloudWatch Events, and AWS Lambda to prevent unauthorized exposure of enterprise data. This session also provides best practices for preventing misconfiguration of resources, including Amazon S3 and other services. Builders Session Aaron Lima
FND324 - Secure interactive access to instances using Session Manager AWS Systems Manager Session Manager increases the security posture for instance access with a browser-based, AWS CLI interactive shell experience that requires customer key encryption using AWS KMS and requires no open inbound ports or access or jump servers. Session Manager IAM access control, CloudTrail-audited sessions, and session outputs logged to Amazon S3 or CloudWatch Logs make it easy for IT professionals to control and secure access to instances in operational scenarios while complying with corporate policies and security best practices. Learn how Session Manager works for Linux or Windows instances in the cloud or on premises, and help drive our road map. Builders Session Eric Westfall
FND325-R - [REPEAT] Securing your .NET container secrets As customers move .NET workloads to the cloud, many start to consider containerizing their applications because of the agility and cost savings that containers provide. Combine those compelling drivers with the multi-OS capabilities that come with .NET Core, and customers have an exciting reason to migrate their applications. A primary question is how they can safely store secrets and configuration values that are sensitive to their organizations in containerized workloads. In this builders session, learn how to safely containerize an ASP.NET Core application while leveraging services like ASP.NET Core AWS Secrets Manager and AWS Fargate. Builders Session Carmen Puccio
FND325-R1 - [REPEAT 1] Securing your .NET container secrets As customers move .NET workloads to the cloud, many start to consider containerizing their applications because of the agility and cost savings that containers provide. Combine those compelling drivers with the multi-OS capabilities that come with .NET Core, and customers have an exciting reason to migrate their applications. A primary question is how they can safely store secrets and configuration values that are sensitive to their organizations in containerized workloads. In this builders session, learn how to safely containerize an ASP.NET Core application while leveraging services like ASP.NET Core AWS Secrets Manager and AWS Fargate. Builders Session Carmen Puccio
FND326-S - Data-driven storytelling and security stakeholder engagement Storytelling is a powerful tool for cybersecurity leaders aiming to improve communication with IT and non-IT stakeholders alike; the most trusted advisors are effective storytellers. With the right data—like the recently released 2019 Verizon Data Breach Investigations Report—CISOs and their teams can tell meaningful and relevant stories that help organizations strengthen their security cultures and empower executives to make better decisions about resource allocation and risk tolerance. Session David Grady
FND327 - A security-first approach to delivering end-user computing services Enterprise customers in regulated industries often struggle to meet security and data sovereignty requirements for desktop applications and mobile workers. End-user devices present the challenge of risky endpoints, making critical data vulnerable to attack, loss, or theft. With AWS, you can improve security and compliance by centrally managing endpoints within your VPC without the cost and complexity of on-premises solutions. AWS makes data delivered on end-user devices ephemeral so that employees can access internal applications from personal devices without a local trusted network. Learn how AWS improves security and reduces cost by moving data to the cloud while providing secure, fast access to desktop applications and data. Session Nathan Thomas Ron Bledsoe
FND328-R1 - [REPEAT 1] Learn how to manage AWS service limits Nearly every Amazon Web Services (AWS) service has limits on how many resources you can launch in a specific AWS Region at a given time. AWS maintains service limits to help provide highly-available, reliable, and robust services to all of our customers, and to minimize billing risk for new customers. In this session you can learn best practices on how to manage your limits as your AWS workloads scale. Builders Session Caitlyn Shim
GRC201 - Design for compliance: Practical patterns for meeting your IT compliance requirements AWS offers a wide variety of services and features that help regulated firms meet IT governance requirements and operate in an agile manner. This session is a guided tour of emerging patterns and solutions that help address common IT governance concerns such as zero-trust architecture, immutable production, and controlled change management. Session Kurt Gray
GRC202 - Cloud control fitness Security and compliance are moving from obligation to advantage. Realizing this advantage requires taking a risk-based approach to your cloud control environment and identifying where AWS does the heavy lifting for you. This approach involves using AWS world-class services to create robust directive, preventative, reactive, and responsive controls, and demonstrating the effectiveness of all of them. In this session, you learn how to evaluate your cloud control environment to ensure that it is considering the risks that are relevant for your workloads, giving you a clear path of what needs to be done to confidently move workloads into AWS. Session Kristen Haught Brian Wagner
GRC203-R - [REPEAT] Aligning to the NIST Cybersecurity Framework in the AWS Cloud The NIST Cybersecurity Framework (CSF) is recognized as the de facto guide for best practices in cybersecurity and risk-management for organizations of any size and in any sector or location. In this session, learn how to implement AWS services to align to the 108 outcome-based security activities in the NIST CSF. We discuss the AWS whitepaper and customer workbook, which cover the many AWS services customers can use to align to the NIST CSF, including IAM, AWS CloudTrail, Amazon CloudWatch, Amazon GuardDuty, Amazon Macie, Amazon EC2, Amazon Cognito, AWS SSO, and VPC Flow Logs. Session Michael South Min Hyun
GRC203-R1 - [REPEAT 1] Aligning to the NIST Cybersecurity Framework in the AWS Cloud The NIST Cybersecurity Framework (CSF) is recognized as the de facto guide for best practices in cybersecurity and risk-management for organizations of any size and in any sector or location. In this session, learn how to implement AWS services to align to the 108 outcome-based security activities in the NIST CSF. We discuss the AWS whitepaper and customer workbook, which cover the many AWS services customers can use to align to the NIST CSF, including IAM, AWS CloudTrail, Amazon CloudWatch, Amazon GuardDuty, Amazon Macie, Amazon EC2, Amazon Cognito, AWS SSO, and VPC Flow Logs. Session Min Hyun Michael South
GRC204 - Unify security, compliance, and finance teams with governance at scale Cloud users typically feel that security, compliance, and finance teams throttle speed and innovation. However, the concerns of security misconfigurations and cloud budget overruns are real threats to the enterprise as adoption scales. Organizations struggle with finding the right balance to empower these teams while giving end-users the autonomy required. The governance at scale framework provides visibility, control, autonomy, and confidence to move enterprises to the cloud. It was built on a decade of lessons learned from the largest customers, including AWS itself. This session shares stories of customer successes using this framework and the impacts to their cloud journeys. Session Doug Vanderpool Brett Miller Brian Price
GRC205 - Implement identity guardrails using permissions boundaries Would you like to enforce the principle of least privilege while allowing your teams the freedom to create and manage their own IAM entities? Using permissions boundaries, you can define the maximum permissions that an identity-based policy can grant to an IAM entity. Join us in this session to learn how to implement permissions guardrails and enforce them on your AWS accounts. Builders Session Mahmoud Matouk
GRC206 - Technology as a means for compliance For regulated data types, such as personally identifiable information, customers often ask the same questions. This session addresses questions on topics that range from deletion of data to third-party assurance reports, and it connects you with the corresponding risk discussions and the applicable AWS technology or supporting language from AWS documentation. Learn how to speed up your risk assessment by equipping yourself with facts and knowledge that will help you make informed decisions about your AWS journey. Session Bertram Dorn
GRC207 - Securing your block storage on AWS Want to simplify the process of meeting compliance goals in a world of increasing data regulation? AWS customers run mission-critical workloads—SQL and NoSQL databases, business applications, data analytics, log analysis—on Amazon EC2, backed by Amazon EBS and EC2 instance storage. Securing data content and storage access is critical to maintaining uptime and meeting compliance needs. In this session, we discuss data security and review the security capabilities of Amazon EBS and EC2 instance storage. Learn how you can benefit from new Amazon EBS features such as encryption by default, launch of encrypted instances from unencrypted AMIs, and simplified sharing of encrypted AMIs. Session Ashish Palekar
GRC208 - Everything you wanted to know about compliance but were afraid to ask This session is for those who are new to cloud security at AWS. We discuss common compliance programs, such as PCI DSS, any ISO, SOC, FedRAMP, and so on. We also cover which industries care about them and how we support them in the context of the AWS Shared Responsibility Model. In addition, we describe why these compliance programs are important to understand at a basic level. Our goal is to help you feel comfortable in describing certain compliance programs when a customer asks you about them. Session Scott Paddock
GRC301 - New ways to automate compliance verification on AWS using provable security The traditional audit methodology of manually sampling, interviewing, and observing provides limited insight into the adherence of a customer’s cloud environment to common regulatory frameworks. The auditor and customer’s challenge is to generate and evaluate evidence of an entire system’s compliance with specific controls, which becomes increasingly difficult with larger code bases. The AWS Provable Security initiative applies automated reasoning technology to automatically prove that a customer’s cloud environment meets certain regulatory standards. In this session, Chad Woolf, AWS VP of Security Assurance, and Byron Cook, director of the AWS Automated Reasoning Group, sit down with a representative from Coalfire, assessor of AWS, to discuss how the Provable Security initiative is creating new, higher-assurance models for auditors and customers. Session Chad Woolf Byron Cook Tom McAndrew
GRC302 - Audibility in Kubernetes with Amazon EKS Amazon Elastic Container Service for Kubernetes (Amazon EKS) is an AWS service offering a managed Kubernetes control plane for customers to orchestrate their containerized applications on Amazon EC2. In this chalk talk, Micah Hausler, AWS system development engineer, explains how customers can ensure the integrity and auditability of their applications on Amazon EKS. He demonstrates the exploitation of a misconfigured web application container, and he conducts a forensic analysis of what happened in the system. Workshop Micah Hausler
GRC304 - Security at the speed of cloud: How to think about it & how you can do it now In this session, we explain how customers can enable business agility by evolving their governance approach to run at the speed of cloud. Learn how to think about security in the AWS Cloud, and receive prescriptive guidance on implementing technology to support your business. Hear about what good looks like, and learn how you can apply this approach in your organization today. Session Paul Hawkins Raisa Hashem
GRC305-R - [REPEAT] Your first compliance-as-code Auditors and security staff can improve their security capabilities by learning how to code. In this workshop, they have the opportunity to start coding for security using AWS CLI, Amazon CloudWatch metrics, Python boto3 (one-liner or AWS Lambda), AWS Config rules, and so on. Throughout the workshop, participants try to solve several security and audit activity issues using AWS services. To join, participants should have a Python 3.x environment on their laptop. While it’s important to know AWS security fundamentals and have some experience applying them, coding experience isn’t necessary. Workshop Shogo Matsumoto
GRC305-R1 - [REPEAT 1] Your first compliance-as-code Auditors and security staff can improve their security capabilities by learning how to code. In this workshop, they have the opportunity to start coding for security using AWS CLI, Amazon CloudWatch metrics, Python boto3 (one-liner or AWS Lambda), AWS Config rules, and so on. Throughout the workshop, participants try to solve several security and audit activity issues using AWS services. To join, participants should have a Python 3.x environment on their laptop. While it’s important to know AWS security fundamentals and have some experience applying them, coding experience isn’t necessary. Workshop Shogo Matsumoto
GRC306 - Architect proper segmentation for PCI DSS workloads on AWS In this session, we discuss how to successfully architect for proper segmentation involving PCI DSS workloads running on AWS. We show you how the segmentation strategies and controls are different from those designed in a traditional on-premises environment, keeping in mind the unique characteristic of the AWS platform. Session Aditya Patel Avik Mukherjee
GRC307 - Build a PCI SAQ A-EP-compliant serverless service to manage credit card payments OLX, the world's leading online classifieds service platform, operates a network of online trading platforms, with over 300M monthly users in over 45 countries. In this session, learn how we built a serverless PCI SAQ A-EP-compliant credit card payment service. Understand how regulation changes affected the solution and the importance of defining the right PCI scope on AWS. Also learn which AWS artifacts are critical and which AWS services can help meet compliance requirements. Session Joaquin Rinaudo
GRC308 - Compliance-level capabilities of RDS & Aurora database engines: Deep dive Amazon RDS and Amazon Aurora make it easy to set up, operate, and scale a relational database in the cloud. In this chalk talk, learn about the specific capabilities that Amazon RDS and Aurora provide that help you satisfy many of the available compliance levels, such as PCI, HIPAA BAA, and FedRAMP. We cover the new capabilities in access management, auditing, and security that have enabled the Amazon RDS and Aurora database engines to meet the various compliance levels. We also cover how to configure and create the Amazon RDS and Aurora instances that satisfy these compliance levels, and we discuss any performance impacts to be aware of when enabling these compliance features. Chalk Talk Timothy Winston Josh Joy
GRC310 - Pop the hood: Next-gen customer audits of AWS Next-gen customer audits of AWS: AWS external audit reports help customers attest to our high bar of security, but AWS customers in the financial services industry often request additional transparency to satisfy their compliance needs and their overall understanding of AWS security posture. Session Brian Wagner Kate Wildman
GRC311 - Customer audits of AWS - at an AWS Audit Symposium This builder session gives a small group of strategic financial services customers a deeper study into the AWS control environment as they explore how to use an AWS Audit Symposium to complete their institution's audit of AWS. Participants get an intimate look into the AWS control framework and are given access to the AWS Audit portal to explore the populations of evidence made available to customers for review at an AWS Audit Symposium. AWS customer audit experts discuss frequently audited controls, how customers can audit AWS data centers at an AWS Audit Symposium, and explore how customers can prepare their third-party due diligence frameworks to get ready to audit AWS directly. This information enables customers to meet their regulatory needs, gain assurance of AWS support of their contractual commitments, and gain exclusive access to AWS confidential information. Builders Session Kate Wildman
GRC313-R - [REPEAT] Using AWS Control Tower to govern multi-account AWS environments at scale AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. Session Chandar Venkataraman
GRC313-R1 - [REPEAT 1] Using AWS Control Tower to govern multi-account AWS environments at scale AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. Session Chandar Venkataraman
GRC315-R - [REPEAT] How to create a CIO dashboard of key security metrics using AWS Join this builder session, and learn how to create a CIO dashboard on AWS and provide executives and operations on-demand visibility of their security state. We show you how to build this using AWS Systems Manager, Amazon Inspector, AWS Config, Amazon GuardDuty, AWS Lambda, Amazon S3, and Amazon QuickSight to create automation and update the dashboard that displays key CIO metrics. Builders Session Darren House
GRC315-R1 - [REPEAT 1] How to create a CIO dashboard of key security metrics using AWS Join this builder session, and learn how to create a CIO dashboard on AWS and provide executives and operations on-demand visibility of their security state. We show you how to build this using AWS Systems Manager, Amazon Inspector, AWS Config, Amazon GuardDuty, AWS Lambda, Amazon S3, and Amazon QuickSight to create automation and update the dashboard that displays key CIO metrics. Builders Session Darren House
GRC315-R2 - [REPEAT 2] How to create a CIO dashboard of key security metrics using AWS Join this builder session, and learn how to create a CIO dashboard on AWS and provide executives and operations on-demand visibility of their security state. We show you how to build this using AWS Systems Manager, Amazon Inspector, AWS Config, Amazon GuardDuty, AWS Lambda, Amazon S3, and Amazon QuickSight to create automation and update the dashboard that displays key CIO metrics. Builders Session Darren House
GRC315-R3 - [REPEAT 3] How to create a CIO dashboard of key security metrics using AWS Join this builder session, and learn how to create a CIO dashboard on AWS and provide executives and operations on-demand visibility of their security state. We show you how to build this using AWS Systems Manager, Amazon Inspector, AWS Config, Amazon GuardDuty, AWS Lambda, Amazon S3, and Amazon QuickSight to create automation and update the dashboard that displays key CIO metrics. Builders Session Darren House
GRC316 - Continuous compliance with AWS management tools In today’s world, security threats arise daily, and it’s challenging to become and stay compliant with the requirements of all the various compliance frameworks. To react quickly, the most successful teams apply continuous automation, not only to provision and maintain their infrastructure, but also to constantly detect security vulnerabilities. In this session, learn how to achieve this level of automation and compliance using AWS management tools. Discover how to organize your applications using AWS Resource Groups, apply the Chef InSpec framework to use ready-made CIS profiles, and implement dynamic compliance checking using AWS Config rules. Session Rahul Gulati
GRC317 - Balancing cloud innovation and security In an accreditation system, it’s critical to balance the needs for cloud service provider (CSP) security assurance and ensuring an efficient path towards cloud adoption and use. In this session, we share best practices from observing and learning from our participation in a number of government CSP accreditation programs. Information from this session benefits decision makers and cloud users in gaining a broad knowledge of the global CSP accreditation systems that are in operation today. Attendees also gain a deeper understanding of their respective strengths and opportunities for excellence, in addition to how to apply them in their own cloud journey. Session Meng Chow Kang
GRC318-R - [REPEAT] Fear no auditor: Leveraging a DevOps approach to compliance and assessment When the same CI/CD approach that propelled the Cloud Adoption Framework is applied to compliance, it informs the selection and implementation of solutions, and it virtually eliminates the risk of discovering compliance gaps during assessments. This approach also continues to improve compliance, and it reduces assessment efforts during the on-going development and operations of applications. In this builder session, attendees learn how to leverage AWS compliance, customer experiences, AWS Professional Services consultants, and AWS Security Assurance Services team’s Qualified Security Assessors (QSA) to build applications that are compliant with Payment Card Industry Data Security Standard (PCI DSS) at all times. They also learn how to be ready to demonstrate this compliance to assessors. Builders Session Timothy Winston
GRC318-R1 - [REPEAT 1] Fear no auditor: Leveraging a DevOps approach to compliance and assessment When the same CI/CD approach that propelled the Cloud Adoption Framework is applied to compliance, it informs the selection and implementation of solutions, and it virtually eliminates the risk of discovering compliance gaps during assessments. This approach also continues to improve compliance, and it reduces assessment efforts during the on-going development and operations of applications. In this builder session, attendees learn how to leverage AWS compliance, customer experiences, AWS Professional Services consultants, and AWS Security Assurance Services team’s Qualified Security Assessors (QSA) to build applications that are compliant with Payment Card Industry Data Security Standard (PCI DSS) at all times. They also learn how to be ready to demonstrate this compliance to assessors. Builders Session Timothy Winston
GRC319 - Untangling audits using graph databases The security assurance automation team at AWS built a service that aggregates data on various internal AWS resources and enables them to discover insightful relationships among these resources. This service was built using the AWS graph database service, Amazon Neptune. It is being used to generate audit populations and proactively identify security and compliance risks. This chalk talk dives deep into potential compliance challenges that could be addressed using a graph database solution. Chalk Talk Adam Irr Paras Malhotra
GRC320-R - [REPEAT] Build an enterprise compliance management & remediation system on AWS In this builder session, we show you how to build a fleet-wide, cross-account/cross-region, hybrid-cloud enterprise compliance management and remediation system using AWS Systems Manager and Amazon CloudWatch. In addition, we provide compliance stakeholders visibility into the performance of the compliance system by using Amazon QuickSight and Amazon Athena for reporting. Builders Session Rodney Bozo
GRC320-R1 - [REPEAT 1] Build an enterprise compliance management & remediation system on AWS In this builder session, we show you how to build a fleet-wide, cross-account/cross-region, hybrid-cloud enterprise compliance management and remediation system using AWS Systems Manager and Amazon CloudWatch. In addition, we provide compliance stakeholders visibility into the performance of the compliance system by using Amazon QuickSight and Amazon Athena for reporting. Builders Session Siavash Irani
GRC320-R2 - [REPEAT 2] Build an enterprise compliance management & remediation system on AWS In this builder session, we show you how to build a fleet-wide, cross-account/cross-region, hybrid-cloud enterprise compliance management and remediation system using AWS Systems Manager and Amazon CloudWatch. In addition, we provide compliance stakeholders visibility into the performance of the compliance system by using Amazon QuickSight and Amazon Athena for reporting. Builders Session Rodney Bozo
GRC323 - Cloud auditing workshop Auditing in the cloud is different from auditing in on-premises environments. In this workshop, we discuss those differences and share best practices for auditing in the cloud. We provide a cloud- and customer-agnostic foundation for cloud security auditing. In addition to covering necessary building blocks of cloud security, we cover cloud-specific considerations and guidelines that auditors should keep in mind when verifying security controls. Join us, and learn the cloud considerations for auditing from the experts. Workshop Marianne Brockhaus Scott Paddock
GRC324-R - [REPEAT] Use AWS Config rules to satisfy your compliance needs In this session, we show you how to satisfy your compliance department using AWS Config rules. We walk you through enabling Config in a multiaccount environment, mapping your compliance requirements to AWS-managed Config rules to demonstrate continuous compliance, and building and deploying your own AWS Config rules. Learn the basics of AWS Config, Config rules, and the central aggregation of AWS Config information in a single pane of glass. Chalk Talk Sergiu Radulea Koen van Blijderveen
GRC324-R1 - [REPEAT 1] Use AWS Config rules to satisfy your compliance needs In this session, we show you how to satisfy your compliance department using AWS Config rules. We walk you through enabling Config in a multiaccount environment, mapping your compliance requirements to AWS-managed Config rules to demonstrate continuous compliance, and building and deploying your own AWS Config rules. Learn the basics of AWS Config, Config rules, and the central aggregation of AWS Config information in a single pane of glass. Chalk Talk Sergiu Radulea Koen van Blijderveen
GRC325 - Establishing AWS as a trusted partner Customers trust AWS with mission-critical workloads because AWS is designed and built to deliver the most flexible, reliable, scalable, and secure cloud computing environment available today. AWS works to earn that trust by offering transparency, demonstrating consistency, and providing best practices to keep themselves secure. As customers adopt AWS, they traverse several trust-building milestones with due-diligence activities, such as assurance report and AWS Well-Architected Tool reviews and deep dives with AWS subject matter experts. This session addresses these milestones at common AWS adoption stages with examples, questions that customers often ask, and suggestions for how to get started. Session Chris Pennisi
GRC326-L - Leadership session: Governance, risk, and compliance Vice President of Security Chad Woolf, Director of Global Security Practice Hart Rossman, and Security Engineer Rima Tanash explain how governance functionality can help ensure consistency in your compliance program. Some specific services covered are Amazon GuardDuty, AWS Config, AWS CloudTrail, Amazon CloudWatch, Amazon Macie, and AWS Security Hub. The speakers also discuss how customers leverage these services in conjunction with each other. Additional attention is paid to the concept of "elevated assurance," including how it may transform the audit industry going forward. Finally, the speakers discuss how AWS secures its own environment, as well as talk about the control frameworks of specific compliance regulations. Session Chad Woolf Rima Tanash Hart Rossman
GRC327-R - [REPEAT] Up and running with multi-account security guardrails In this session, we provide a crash course on building security guardrails for AWS Landing Zone and AWS Control Tower, as well as templates that you can use in your own environment. We show you how to integrate continuous auditing into the account creation process, and we highlight the immutability and auditability of controls that are deployed by AWS Landing Zone and AWS Control Tower. Topics also include an overview of the security guardrails concept in AWS Landing Zone and AWS Control Tower, best practices for development, and code accelerators to help reduce the time from idea to first detection. Workshop Eric Rose Andy Wickersham
GRC327-R1 - [REPEAT 1] Up and running with multi-account security guardrails In this session, we provide a crash course on building security guardrails for AWS Landing Zone and AWS Control Tower, as well as templates that you can use in your own environment. We show you how to integrate continuous auditing into the account creation process, and we highlight the immutability and auditability of controls that are deployed by AWS Landing Zone and AWS Control Tower. Topics also include an overview of the security guardrails concept in AWS Landing Zone and AWS Control Tower, best practices for development, and code accelerators to help reduce the time from idea to first detection. Workshop Andy Wickersham Eric Rose
GRC328 - Account automation and temporary AWS credential service Riot Games struggled with providing new AWS accounts and API access that met its security requirements, so it built an account provisioning service to ensure that all accounts are created consistently with the required security controls. Riot also built a credential service where developers can grab temporary API keys with one command. This works wherever the developers work, and the credentials automatically expire each day. Riot now provisions new accounts with security guardrails within an hour, and the number of permanent AWS API keys is reduced by 70 percent. Learn how to build similar services using AWS Organizations, AWS Step Functions, AWS Lambda, Amazon CloudFront, and Amazon API Gateway. Session William Green Reza Nikoopour
GRC330-R - [REPEAT] Compliance automation: Set it up fast, then code it your way In this workshop, learn how to detect common resource misconfigurations using AWS Security Hub; how to extend coverage by deploying additional sets of existing rules or your own custom AWS Config rules using our Rule Development Kit (written in Python); and how to automatically remediate compliance violations when they are detected. Python basic skills and a basic understanding of boto3 are required for the coding portion of this workshop. Workshop Raisa Hashem Jonathan Rault
GRC332-R - [REPEAT] Building your DevSecOps tool chain Organizations don’t need to move slowly to move cautiously. AWS offers a suite of tools that make adding automated security and compliance into the DevOps process easy. Use AWS Config to automate compliance (such as Amazon S3 bucket and Amazon EBS volume encryption, security group and subnet security, and AWS IAM role access), and use Amazon GuardDuty to monitor overall security status. We also go over how GuardDuty collects and displays both potential and actual security incidents, and how to make that part of your organization’s DevSecOps process. Builders Session Robert Sosinski
GRC332-R1 - [REPEAT 1] Building your DevSecOps tool chain Organizations don’t need to move slowly to move cautiously. AWS offers a suite of tools that make adding automated security and compliance into the DevOps process easy. Use AWS Config to automate compliance (such as Amazon S3 bucket and Amazon EBS volume encryption, security group and subnet security, and AWS IAM role access), and use Amazon GuardDuty to monitor overall security status. We also go over how GuardDuty collects and displays both potential and actual security incidents, and how to make that part of your organization’s DevSecOps process. Builders Session Robert Sosinski
GRC332-R2 - [REPEAT 2] Building your DevSecOps tool chain Organizations don’t need to move slowly to move cautiously. AWS offers a suite of tools that make adding automated security and compliance into the DevOps process easy. Use AWS Config to automate compliance (such as Amazon S3 bucket and Amazon EBS volume encryption, security group and subnet security, and AWS IAM role access), and use Amazon GuardDuty to monitor overall security status. We also go over how GuardDuty collects and displays both potential and actual security incidents, and how to make that part of your organization’s DevSecOps process. Builders Session Robert Sosinski
GRC333 - Security in the cloud means more than you might think For public sector customers, ensuring compliance and security is vital. AWS provides these organizations with a broad set of cloud-based services to build world-class solutions. In this session, we go over native logging tools in AWS, such as AWS CloudTrail, Amazon CloudWatch Alarms, Amazon CloudWatch Logs, and Amazon GuardDuty. We also cover automated remediation of compliance events, alerting tools, and other methods of implementing compliance. Builders Session Rob Nolen
GRC334 - Build an effective security compliance program that continuously evaluates and remediates your security posture In this session, learn how to build a solution that will continuously evaluate your AWS resources for security compliance using AWS Config Rules, Amazon CloudWatch Events, and AWS Lambda. You will also learn how to improve your security posture by correcting or eliminating non-compliant resources. Builders Session Rodney Bozo
GRC335 - Enhancing data lake security with Amazon S3 tools At AWS, security is a top priority, and Amazon S3 is designed primarily to protect our customers’ data. In this session, hear about different management tools you can use to restrict access to sensitive objects stored in your data lake. Learn how to configure finely tuned access policies with resource-based policies and how to define user access policies with AWS IAM. Also learn how to use Amazon S3 Block Public Access, a feature that helps S3 customers enforce a “no public access” policy for an individual bucket, a group of buckets, or an entire account. We also review different encryption options available to S3 data lake customers. Builders Session Nur Sheikhassan
GRC336-R - [REPEAT] Deep Dive on Security in Amazon S3  At AWS, security is our top priority and Amazon S3 provides some of the most advanced data security features available in the cloud today to help you mitigate security risks. In this chalk talk, learn directly from the AWS engineering team that builds and maintains Amazon S3 security functionality, like encryption, block public access, and much more. Bring your feedback, questions, and expertise to discuss innovative ways to ensure that your data is available only to the users and applications that need it. Chalk Talk Sam Parmett Felix Davis
GRC336-R1 - [REPEAT 1] Deep Dive on Security in Amazon S3  At AWS, security is our top priority and Amazon S3 provides some of the most advanced data security features available in the cloud today to help you mitigate security risks. In this chalk talk, learn directly from the AWS engineering team that builds and maintains Amazon S3 security functionality, like encryption, block public access, and much more. Bring your feedback, questions, and expertise to discuss innovative ways to ensure that your data is available only to the users and applications that need it. Chalk Talk Bryant Cutler Felix Davis
GRC337-R - [REPEAT] Secure your data lake on AWS like a bank In this session, we discuss key considerations that customers in the financial services industry (FSI) must focus on as they build out their data lakes on AWS. We dive deep on topics such as selecting the right service based on compliance requirements; authentication and authorization; data governance; data protection requirements, including encryption at rest and in transit; and network protection. We also review proven patterns based on actual FSI data lakes deployed on AWS. Chalk Talk Songzhi Liu Ilya Epshteyn
GRC337-R1 - [REPEAT 1] Secure your data lake on AWS like a bank In this session, we discuss key considerations that customers in the financial services industry (FSI) must focus on as they build out their data lakes on AWS. We dive deep on topics such as selecting the right service based on compliance requirements; authentication and authorization; data governance; data protection requirements, including encryption at rest and in transit; and network protection. We also review proven patterns based on actual FSI data lakes deployed on AWS. Chalk Talk Ilya Epshteyn Songzhi Liu
GRC338 - Continuous compliance: Automating compliance concerns using AWS services Moving to the cloud in a compliant way can be time-consuming, and ensuring compliance over time can be complicated and difficult. With services such as AWS Config, AWS CloudTrail, Amazon CloudWatch, AWS CloudFormation, and Amazon GuardDuty, it's possible to create a centralized view of compliance across multiple accounts—both existing and new. This view is deployed in an automated fashion and is visible as a one-stop dashboard for compliance across an organization. You walk away from this session knowing how to use compliance as code to make your journeys to and in the AWS Cloud easier, with concrete use cases and supporting examples. Builders Session Andrew Langhorn
GRC339 - How FINRA achieves DevOps agility while securing its AWS environments In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy. Session Daniel Koo Stephen Mele Jason Garbis
GRC340-R - [REPEAT] Container runtime security and automation The scanning of both container behavior and container vulnerability is important to any modern application environment. In this session, learn how to leverage Amazon EKS and AWS Lambda, along with CNCF Sandbox project Falco, to automate rules and conditions for container security. Builders Session Tres Vance
GRC340-R1 - [REPEAT 1] Container runtime security and automation The scanning of both container behavior and container vulnerability is important to any modern application environment. In this session, learn how to leverage Amazon EKS and AWS Lambda, along with CNCF Sandbox project Falco, to automate rules and conditions for container security. Builders Session Tres Vance
GRC341-R - [REPEAT] Continuous server hardening Many organizations still have static application environments with servers that run for months. Over time, these instances can drift from the desired configuration, increasing the risk to organizations of a breach. In this session, we demonstrate how organizations can use Ansible to harden their servers in accordance with CIS Benchmarks, using AWS Systems Manager and AWS Developer Tools. Learn how easy it is to manage secure server configurations as code using DevOps practices such as CI/CD. Builders Session Luis Tapia
GRC341-R1 - [REPEAT 1] Continuous server hardening Many organizations still have static application environments with servers that run for months. Over time, these instances can drift from the desired configuration, increasing the risk to organizations of a breach. In this session, we demonstrate how organizations can use Ansible to harden their servers in accordance with CIS Benchmarks, using AWS Systems Manager and AWS Developer Tools. Learn how easy it is to manage secure server configurations as code using DevOps practices such as CI/CD. Builders Session Luis Tapia
GRC342 - Scalable encryption: A key to public sector compliance This session dissects two public sector regulations (FERPA and CJIS) to demonstrate how you can use encryption when building on AWS to comply with regulatory requirements and enforce the principle of least privilege. Specifically, we cover how the AWS shared responsibility model offers an opportunity for you to keep regulated data private while taking advantage of the security, scalability, reliability, and innovation of the AWS Cloud. Session Patrick Woods
GRC343 - Presenting Radar: Validation and remediation of AWS cloud resources Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk. Session Jason Mahosky Jai Schniepp
GRC344 - AWS GovCloud (US) isn’t just for government: Support sensitive workloads From PII, patient medical records, and financial data to law enforcement data, export controlled data, and other forms of CUI, AWS GovCloud (US) Regions help government and commercial customers address compliance and securely support regulated workloads on AWS. Learn how AWS GovCloud (US) Regions address sensitive data and let customers architect secure cloud solutions that comply with the NIST framework; the FedRAMP High baseline; the DOJ Criminal Justice Information Systems Security Policy; US International Traffic in Arms Regulations; Export Administration Regulations; the DOD Cloud Computing Security Requirements Guide for Impact Levels 2, 4, and 5; FIPS 140-2; IRS Pub 1075; and more. Session Keith Brooks
GRC345 - An approach to multi-tenancy in Amazon Cognito Building multi-tenant identity solutions using Amazon Cognito could quickly become an operational burden. With hundreds or even thousands of user pools, automation becomes a key player in effective operation of such a solution. Join us in this talk to learn how to use AWS products and services to operate multi-tenant identity solutions in Amazon Cognito with services like AWS CloudFormation, AWS CodePipeline, and AWS Lambda functions. Chalk Talk Mahmoud Matouk
GRC346 - DNS governance in multi-account and hybrid environments In hybrid environments with workloads running between multiple AWS accounts and customer data centers, DNS management becomes a critical and highly distributed piece of the architecture. A centralized DNS approach allows you to focus governance of this critical piece in a protected account with limited privileges, and it improves your ability to audit and monitor DNS components in your environment. In this session, learn how to implement centralized DNS architecture using AWS native services. We use Amazon Route 53 Resolver, conditional forwarding rules, and AWS Resource Access Manager to implement a centralized DNS solution in a multi-account AWS environment. Builders Session Mahmoud Matouk
GRC348 - Enforce whitelist-only policy through conditional forwarding rules DNS whitelisting provides a pathway to reduce the risk of online threats such as viruses, malware, and ransomware, and it allows you to enforce compliance with a DNS protection strategy and the policy of whitelist only. In this session, learn a simple yet effective approach to implementing DNS whitelisting using AWS native services. We use Amazon Route 53 Resolver and conditional forwarding rules to implement DNS whitelisting of allowed domains. Other domain queries are sent to a sinkhole, where the query is logged and later analyzed using Amazon Athena. Builders Session Mahmoud Matouk
GRC349 - How to truly delegate permissions with an effective GRC program A good governance, risk, and compliance (GRC) program establishes the foundation for meeting security and compliance objectives. However, many GRC programs are viewed as bureaucracy getting in the way of exciting cybersecurity and system development. Permissions boundaries address the issue of how to delegate administration to developers while maintaining a strong GRC program. If you have developers that need to create IAM roles and policies for AWS Lambda functions or instances, then you need permissions boundaries. In this session, we demonstrate that with the proper use of permissions boundaries, you can enforce a GRC program and provide flexibility to developers. Builders Session Stephen Alexander
GRC350 - We all want the same things: Meeting controls objectives on AWS This session is for technical practitioners as well as audit and compliance professionals. You learn the range of capabilities and patterns on AWS for implementing and achieving controls objectives. This session focuses on bridging the gap between IT and infosec technical experts and their stakeholders on audit and compliance teams. The purpose is for both groups to learn about the other’s domain and foster closer, more productive working relationships. We all want the same things. Chalk Talk Peter O'Donnell
HOL001-R - [REPEAT] Hands-on Labs Visit Hands-on Labs for the opportunity to practice with AWS in a live sandbox environment. In Hands-on Labs, choose a lab from our catalog (including many security-focused labs) and learn at your own pace as you walk through scenarios step-by-step. Lab topics range in level from introductory to expert and take approximately 30–60 minutes to complete. Registration is not required; walk-ups are welcome! Hands-on Lab
HOL001-R1 - [REPEAT 1] Hands-on Labs Visit Hands-on Labs for the opportunity to practice with AWS in a live sandbox environment. In Hands-on Labs, choose a lab from our catalog (including many security-focused labs) and learn at your own pace as you walk through scenarios step-by-step. Lab topics range in level from introductory to expert and take approximately 30–60 minutes to complete. Registration is not required; walk-ups are welcome! Hands-on Lab
ISL001-R - [REPEAT] AWS International Security Lounge AWS celebrates and honors the diversity of our customer base. The International Security Lounge is open to all re:Inforce attendees. Come meet AWS team members from around the globe, enjoy some refreshments, charge your devices and learn about our security events coming to a region near you! General Activity
ISL001-R1 - [REPEAT 1] AWS International Security Lounge AWS celebrates and honors the diversity of our customer base. The International Security Lounge is open to all re:Inforce attendees. Come meet AWS team members from around the globe, enjoy some refreshments, charge your devices and learn about our security events coming to a region near you! General Activity
JAL001-R - [REPEAT] Jam Lounge Security and incident response is one of the top priorities for organizations that move their workloads to the cloud. Just understanding the types of controls that are available through AWS and our partners is no longer enough. The Jam Lounge provides self-paced challenges that can be completed within the Jam Lounge or during breaks, lunch, and even overnight. The challenges will help you learn new skills and practice current ones against simulated environments. General Activity
JAL001-R1 - [REPEAT 1] Jam Lounge Security and incident response is one of the top priorities for organizations that move their workloads to the cloud. Just understanding the types of controls that are available through AWS and our partners is no longer enough. The Jam Lounge provides self-paced challenges that can be completed within the Jam Lounge or during breaks, lunch, and even overnight. The challenges will help you learn new skills and practice current ones against simulated environments. General Activity
JAL001-R2 - [REPEAT 2] Jam Lounge Security and incident response is one of the top priorities for organizations that move their workloads to the cloud. Just understanding the types of controls that are available through AWS and our partners is no longer enough. The Jam Lounge provides self-paced challenges that can be completed within the Jam Lounge or during breaks, lunch, and even overnight. The challenges will help you learn new skills and practice current ones against simulated environments. General Activity
MEA001 - Breakfast - Tuesday Breakfast will be provided in the Security Learning Hub, Exhibit Level from 7am - 9am. Meal
MEA002 - Lunch - Tuesday Lunch will be provided in the Security Learning Center, Exhibit Level (Buffet) and Wicked Good Market, Level 1 (Grab & Go) 11am - 1pm. Meal
MEA004 - Breakfast - Wednesday Breakfast will be provided in the Security Learning Hub, Exhibit Level from 7am - 9am. Meal
MEA005 - Lunch - Wednesday Lunch will be provided in the Security Learning Center, Exhibit Level (Buffet) and Wicked Good Market, Level 1 (Grab & Go) 11am - 1pm. Meal
NSL001-R - [REPEAT] AWS Network Services Lounge Your AWS network is at the foundation of your security. It plays a critical part in securing your environment by isolating resources, encrypting data, and connecting privately on the AWS global network. Come and join us for a chance to meet and ask questions to AWS networking experts about our latest services, such as AWS Transit Gateway, AWS Client VPN, Amazon Route 53 Resolver, and AWS PrivateLink. Whiteboard architectures and see demonstrations of networking services, including our very latest announcements. General Activity
NSL001-R1 - [REPEAT 1] AWS Network Services Lounge Your AWS network is at the foundation of your security. It plays a critical part in securing your environment by isolating resources, encrypting data, and connecting privately on the AWS global network. Come and join us for a chance to meet and ask questions to AWS networking experts about our latest services, such as AWS Transit Gateway, AWS Client VPN, Amazon Route 53 Resolver, and AWS PrivateLink. Whiteboard architectures and see demonstrations of networking services, including our very latest announcements. General Activity
RCP001 - Reception Closing reception General Activity
SDD201 - Build a dashboard using serverless security analytics In this session, we walk you through a demo of how a security team can build dashboards in minutes without having to gain deep knowledge on analytics. The AWS serverless services we use include AWS WAF logs, AWS Glue, Amazon Athena, and Amazon QuickSight. Session Rohit Rangnekar Umesh Ramesh
SDD202 - Create & customize a Lambda rotation function for AWS Secrets Manager In this chalk talk, we dive deep into creating and customizing an AWS Lambda rotation function for AWS Secrets Manager. We develop an example from scratch to create an AWS Lambda rotation function for Amazon ElastiCache for Redis. We explain how the Lambda rotation function can help automate compliance (automated credential rotation every n days), pitfalls to watch for, and where to add customizations. We also cover how to enable and enforce least privilege and how to enable monitoring and audit trails for the rotation function. Finally, we show you how to test the rotation function. Chalk Talk Josh Joy
SDD203 - Secure access to internal apps using Amazon WorkLink In this chalk talk, we cover how Amazon WorkLink securely isolates content in AWS containers and then uses split rendering technology to deliver a seamless user experience while ensuring that no data is ever stored by web browsers on end-user devices. We dive deep into the security measures that Amazon WorkLink incorporates to ensure granular access control and protection of your critical internal data. Chalk Talk Supriya Kher Collin Scott
SDD204 - Using analytics to set access controls in AWS Administrators need to enable developers to move quickly when building applications on AWS while also controlling access to meet security needs. In this session, we demonstrate how administrators put permissions guardrails in place that enable them to grant broader access for their applications and developers. Then, we demonstrate how administrators can analyze activity to dial in access controls as applications and developers settle into common patterns. Finally, we show how to simulate permissions changes to understand and assess their impact. This session expects that participants are knowledgeable about IAM permission policies and AWS Organizations. Session Ujjwal Pugalia
SDD301 - Lean and clean SecOps using AWS native services cloud "Cloud first" and "cloud native" are the new mindsets for many IT & business teams operating on AWS. In this new world, security functions need to scale for rapidly growing AWS accounts and VPCs in the organization. In this session, we show you how to build a world-class security operations organization with the same "cloud native" mindset using AWS tools. By the end of this session, you will understand how to run a lean and clean SecOps center for a fast-paced organization. The key objective of this session is to transform the security team from "no" to everything, to "know" everything. By knowing everything, you will sleep better. Session Ramesh Adabala
SDD302 - Methods for emergency privileged access Customers often want to provide an approved method for emergency privileged access to a secured environment. Use cases include providing remote shell access to instances in a production environment and providing temporary credentials for users to access high-privilege AWS API calls. You may not allow the creation of an internet gateway in nonproduction environments by default, but there are times when there is a need to allow someone to create an internet gateway in response to a legitimate requirement, such as load or stress testing. In this chalk talk, we build automation using AWS native tools, such as AWS Systems Manager Agent, Amazon CloudWatch Events, AWS Lambda, AWS Service Catalog, and IAM. Chalk Talk Nirav Kothari
SDD303-R - [REPEAT] Using AWS Firewall Manager and AWS WAF to protect your web applications In this chalk talk, we highlight a specific architecture and demo the solution for how to use both AWS WAF and AWS Firewall Manager—and have both development and security teams work together—in developing AWS WAF rules to ensure the security of a web application. Discover how this solution also helps in building more AWS WAF rules than the existing limits by doubling the number of rules per web ACL by using AWS WAF rule groups within a rule. Chalk Talk Kevin Lee Umesh Ramesh
SDD304 - Deep dive into AWS KMS In this session, learn the dos and don'ts of using AWS Key Management Service (KMS). We cover topics such as envelope encryption, encryption context, and permissions. We also dig into common situations that customers encounter, how to get out of them, and how to avoid them. At the end of this presentation, you leave with a working knowledge of how to use the permissions and authorization systems built into AWS KMS and with an understanding of how to appropriately encrypt data using AWS KMS. Chalk Talk Paul Radulovic Jim Irving
SDD305-R - [REPEAT] Building a DevSecOps culture In this chalk talk, we examine how to build a DevSecOps culture, which includes developing foundational practices and scaling functions to instantiate and resiliently operate a DevSecOps model. To achieve this shift, we analyze common success patterns, mechanisms for culture change, and mechanisms to reinforce this culture change. We also discuss the key points for building a DevSecOps culture. Takeaways include a blueprint for building a DevSecOps operating model in your organization, an understanding of the security practitioner’s point of view and how to embrace it to drive innovation, and ways to identify operating characteristics in your organization and use them to drive a strategy for DevSecOps. Chalk Talk Tim Anderson
SDD306 - Securing serverless and container services Most customers are uncertain of how to secure their serverless services because these services deviate from traditional perimeter security. Additionally, many security stakeholders do not have as much insight into serverless architectures as developer communities. In this session, we provide best practices, patterns, and demos on securing serverless services using a combination of secure coding practices with partner code libraries, DevOps principles, code/container version control using code, and a deep understanding of serverless services such as AWS Lambda, AWS Fargate, and Amazon EKS. We aim to provide some baselining mechanisms and patterns to build full serverless and secure service architectures. Session Tomas Clemente Sanchez
SDD307-R - [REPEAT] Protecting your IoT fleet Whether you’re selling millions of IoT devices to customers or deploying thousands to your own factories, protecting your IoT fleet can be difficult. With AWS, you can quickly deploy, manage, and audit your devices' security posture consistently and continuously. In this builder session, learn how to securely deploy a provided IoT sensor with its own certificate, register the device with a simple function, and then audit the device's security posture against best practices. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Megan O'Neil
SDD307-R1 - [REPEAT 1] Protecting your IoT fleet Whether you’re selling millions of IoT devices to customers or deploying thousands to your own factories, protecting your IoT fleet can be difficult. With AWS, you can quickly deploy, manage, and audit your devices' security posture consistently and continuously. In this builder session, learn how to securely deploy a provided IoT sensor with its own certificate, register the device with a simple function, and then audit the device's security posture against best practices. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Hong Pham
SDD307-R2 - [REPEAT 2] Protecting your IoT fleet Whether you’re selling millions of IoT devices to customers or deploying thousands to your own factories, protecting your IoT fleet can be difficult. With AWS, you can quickly deploy, manage, and audit your devices' security posture consistently and continuously. In this builder session, learn how to securely deploy a provided IoT sensor with its own certificate, register the device with a simple function, and then audit the device's security posture against best practices. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Hong Pham
SDD307-R3 - [REPEAT 3] Protecting your IoT fleet Whether you’re selling millions of IoT devices to customers or deploying thousands to your own factories, protecting your IoT fleet can be difficult. With AWS, you can quickly deploy, manage, and audit your devices' security posture consistently and continuously. In this builder session, learn how to securely deploy a provided IoT sensor with its own certificate, register the device with a simple function, and then audit the device's security posture against best practices. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Megan O'Neil
SDD307-R4 - [REPEAT 4] Protecting your IoT fleet Whether you’re selling millions of IoT devices to customers or deploying thousands to your own factories, protecting your IoT fleet can be difficult. With AWS, you can quickly deploy, manage, and audit your devices' security posture consistently and continuously. In this builder session, learn how to securely deploy a provided IoT sensor with its own certificate, register the device with a simple function, and then audit the device's security posture against best practices. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session John Yi
SDD307-R5 - [REPEAT 5] Protecting your IoT fleet Whether you’re selling millions of IoT devices to customers or deploying thousands to your own factories, protecting your IoT fleet can be difficult. With AWS, you can quickly deploy, manage, and audit your devices' security posture consistently and continuously. In this builder session, learn how to securely deploy a provided IoT sensor with its own certificate, register the device with a simple function, and then audit the device's security posture against best practices. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session John Yi
SDD308 - Integrating security testing into your container build pipeline In this workshop, you learn to leverage AWS development tools and open-source projects to integrate automated security testing into a CI/CD pipeline. Learn about a variety of patterns for integrating security testing and security-centric release control into AWS CodePipeline. Additionally, learn how to add feedback loops and fix common security vulnerabilities in your container-based application. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Avik Mukherjee Aditya Patel
SDD309 - Maturing and scaling your security remediation Leveraging multiple AWS security data sources and partner sources, we demonstrate how you can start slowly and work your way up to full, automated remediation at scale. We also introduce Aero, an AWS Professional Services remediation offering, and we showcase how you can integrate it to help augment your existing playbooks. Chalk Talk Michael St.Onge Michael Wasielewski
SDD310 - DevSecOps: Integrating security into pipelines In this workshop, you practice running an environment with a test and production deployment pipeline. Along the way, we cover topics such as static code analysis, dynamic infrastructure review, and workflow types. You also learn how to update your process in response to security events. We write new AWS Lambda functions and incorporate them into the pipeline, and we consider capabilities such as AWS Systems Manager Parameter Store and AWS Secrets Manager. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Byron Pogson
SDD311 - Using AWS WAF to protect against bots and scrapers In this workshop, you learn how to deploy AWS WAF in front of your application, how to set up AWS WAF full logging for compliance and monitoring purposes, and how to increase your security posture by creating custom rules using Amazon Elasticsearch Service with Kibana. You also learn how to protect your application against bad bots, web scrapers, and scanners by configuring bad and benign bot signatures and then automating your AWS WAF rules by parsing AWS WAF full logs using an AWS Lambda function. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Gene Ting Yuri Duchovny
SDD312-R1 - [REPEAT 1] Scaling threat detection and response in AWS This workshop provides the opportunity for you to get familiar with AWS security services and learn how to use them to identify and remediate threats in your environment. Learn how to use Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub to investigate threats during and after an attack, set up a notification and response pipeline, and add additional protections to improve your environment’s security posture. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Ross Warren
SDD313-R - [REPEAT] Understanding where and how to use permissions boundaries and service control policies The service control policies (SCPs) in AWS Organizations now support resources and conditions! Learn how you can use a combination of SCPs and permissions boundaries to further secure your environments. We also dive into the tradeoffs of using one or the other to fit certain situations. Chalk Talk Megan O'Neil
SDD313-R1 - [REPEAT 1] Understanding where and how to use permissions boundaries and service control policies The service control policies (SCPs) in AWS Organizations now support resources and conditions! Learn how you can use a combination of SCPs and permissions boundaries to further secure your environments. We also dive into the tradeoffs of using one or the other to fit certain situations. Chalk Talk Megan O'Neil
SDD314 - Enforcing security invariants with AWS Organizations The builder in you wants to move fast in the cloud, taking advantage of the agility, flexibility, and scale that it offers. The security professional in you needs to ensure that—no matter what your team is doing in the cloud—certain security and compliance invariants are guaranteed to hold. This session is for the security builders among you. We show you how to take advantage of the security perimeters offered by AWS Organizations to simply, securely, and definitively assert your security rules at the perimeter. Session Becky Weiss
SDD315 - Securing your Amazon SageMaker model development in a highly regulated environment Amazon SageMaker is a fully managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. In this session, we dive deep into the security configurations of Amazon SageMaker components, including notebooks, distributed and batch training, and hosting endpoints. We also review Vanguard’s implementation of key controls in a highly regulated environment. These include fine-grained access control, end-to-end encryption in transit, encryption at rest with AWS KMS customer-managed customer master keys (CMKs), private connectivity to all Amazon SageMaker APIs, and comprehensive audit trails for resource and data access. Session Hung Pham Ritesh Shah
SDD316 - How Dow Jones uses AWS to create a secure perimeter around its web properties Dow Jones, a world-leading data, media, and intelligence solutions provider with brands like the Wall Street Journal and MarketWatch, has numerous applications that need protection. The company was seeking a protection solution and a way to gain more control over security, and it looked to AWS to secure the cloud right at the edge. This session explores how Dow Jones implemented innovative architecture to meet its software security framework using CloudFront, AWS Shield, AWS WAF, Lambda, and more. Learn how to use AWS services to architect software environments for securing applications. Join Kamal Verma, senior principal engineer at Dow Jones, for a deep dive into their implementation and learnings. Session Kamal Verma
SDD318 - Security best practices the well-architected way As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security. Session Ben Potter
SDD319 - Ensure the integrity of your code for fast and secure deployments DevOps practices help push applications faster into production through better collaboration and automated testing. During that process, security is often seen as an inhibitor to speed. The challenge for many organizations is delivering applications at a fast pace while embedding security at the speed of DevOps. In this session, learn how products and customers in the AWS Marketplace help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications. Session Benjamin Andrew
SDD323-R - [REPEAT] Automating remediation of noncompliant configurations This builders session focuses on developing automation to immediately remediate issues and notify security teams of noncompliance to expected baselines through several simple yet powerful implementations of AWS Config and AWS Lambda. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Aaron Franco
SDD323-R1 - [REPEAT 1] Automating remediation of noncompliant configurations This builders session focuses on developing automation to immediately remediate issues and notify security teams of noncompliance to expected baselines through several simple yet powerful implementations of AWS Config and AWS Lambda. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Aaron Franco
SDD323-R2 - [REPEAT 2] Automating remediation of noncompliant configurations This builders session focuses on developing automation to immediately remediate issues and notify security teams of noncompliance to expected baselines through several simple yet powerful implementations of AWS Config and AWS Lambda. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Aaron Franco
SDD323-R3 - [REPEAT 3] Automating remediation of noncompliant configurations This builders session focuses on developing automation to immediately remediate issues and notify security teams of noncompliance to expected baselines through several simple yet powerful implementations of AWS Config and AWS Lambda. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Aaron Franco
SDD323-R4 - [REPEAT 4] Automating remediation of noncompliant configurations This builders session focuses on developing automation to immediately remediate issues and notify security teams of noncompliance to expected baselines through several simple yet powerful implementations of AWS Config and AWS Lambda. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Aaron Franco
SDD323-R5 - [REPEAT 5] Automating remediation of noncompliant configurations This builders session focuses on developing automation to immediately remediate issues and notify security teams of noncompliance to expected baselines through several simple yet powerful implementations of AWS Config and AWS Lambda. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Aaron Franco
SDD324-R - [REPEAT] Setting up a DevSecOps pipeline to automate vulnerability scanning of Docker images A container image is built up from a series of layers. It is incredibly difficult and time-consuming to manually track all of the files, packages, libraries, and so on that are included in an image along with the vulnerabilities that they may possess. This session guides you through setting up automated vulnerability scanning using AWS CodePipeline to scan your container images for known security vulnerabilities and to deploy the container only if the vulnerabilities are within a defined threshold. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Vikrama Adethyaa
SDD324-R1 - [REPEAT 1] Setting up a DevSecOps pipeline to automate vulnerability scanning of Docker images A container image is built up from a series of layers. It is incredibly difficult and time-consuming to manually track all of the files, packages, libraries, and so on that are included in an image along with the vulnerabilities that they may possess. This session guides you through setting up automated vulnerability scanning using AWS CodePipeline to scan your container images for known security vulnerabilities and to deploy the container only if the vulnerabilities are within a defined threshold. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Gururaj Bayari
SDD324-R2 - [REPEAT 2] Setting up a DevSecOps pipeline to automate vulnerability scanning of Docker images A container image is built up from a series of layers. It is incredibly difficult and time-consuming to manually track all of the files, packages, libraries, and so on that are included in an image along with the vulnerabilities that they may possess. This session guides you through setting up automated vulnerability scanning using AWS CodePipeline to scan your container images for known security vulnerabilities and to deploy the container only if the vulnerabilities are within a defined threshold. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Vikrama Adethyaa
SDD324-R3 - [REPEAT 3] Setting up a DevSecOps pipeline to automate vulnerability scanning of Docker images A container image is built up from a series of layers. It is incredibly difficult and time-consuming to manually track all of the files, packages, libraries, and so on that are included in an image along with the vulnerabilities that they may possess. This session guides you through setting up automated vulnerability scanning using AWS CodePipeline to scan your container images for known security vulnerabilities and to deploy the container only if the vulnerabilities are within a defined threshold. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Gururaj Bayari
SDD324-R4 - [REPEAT 4] Setting up a DevSecOps pipeline to automate vulnerability scanning of Docker images A container image is built up from a series of layers. It is incredibly difficult and time-consuming to manually track all of the files, packages, libraries, and so on that are included in an image along with the vulnerabilities that they may possess. This session guides you through setting up automated vulnerability scanning using AWS CodePipeline to scan your container images for known security vulnerabilities and to deploy the container only if the vulnerabilities are within a defined threshold. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Vikrama Adethyaa
SDD324-R5 - [REPEAT 5] Setting up a DevSecOps pipeline to automate vulnerability scanning of Docker images A container image is built up from a series of layers. It is incredibly difficult and time-consuming to manually track all of the files, packages, libraries, and so on that are included in an image along with the vulnerabilities that they may possess. This session guides you through setting up automated vulnerability scanning using AWS CodePipeline to scan your container images for known security vulnerabilities and to deploy the container only if the vulnerabilities are within a defined threshold. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Gururaj Bayari
SDD325 - Bose uses AWS IoT to securely connect millions of devices and improve IT agility As a result of moving to AWS, Bose retired its first data center in 2018, and its second data center is closing later this year. In this session, Bose’s head of security discusses the company’s journey to the cloud and how it moved hundreds of workloads and services to AWS using a shared services model. This included business-critical environments that are in scope for regulatory compliance and SAP applications that are paramount to running the business. On the product side, this session covers how Bose securely connected millions of devices to AWS IoT, which required multiple iterations of security controls, policies, and standards. Session Peter Buonora Satyendra Thakur
SDD326-R - [REPEAT] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session James Meyer
SDD326-R1 - [REPEAT 1] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session James Meyer
SDD326-R2 - [REPEAT 2] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session James Meyer
SDD326-R3 - [REPEAT 3] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session Apoorva Kulkarni
SDD326-R4 - [REPEAT 4] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session James Meyer
SDD326-R5 - [REPEAT 5] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session Apoorva Kulkarni
SDD326-R6 - [REPEAT 6] Security best practices for Amazon EKS This builders session takes you through the process of securing Kubernetes pods running on Amazon Elastic Container Service for Kubernetes (Amazon EKS). We set up a VPC with proper tagging, configure kubectl, and create the required trust, roles, and AWS Identity and Access Management (IAM) policies that are required to apply pod-level security using kube2iam for Amazon EKS. We also apply IAM roles to a namespace in order to restrict pods to a specific IAM role. Builders Session Apoorva Kulkarni
SDD328 - How Pokémon’s SecOps team enables its business Pokémon’s SecOps team built an automated PII datalake pipeline allowing them to categorize data into profiles and manage permissions. We discuss how, using AWS Lambda, Amazon DynamoDB, and Amazon Simple Queue Service (Amazon SQS), they can validate any person in Active Directory, build the approval to the appropriate manager, write to DDB with a TTL, and push the appropriate access controls. This has two benefits: First, Pokémon can reuse this architecture for other permissions-based business processes, meaning a security layer can be added at the beginning. Second, it frees up security engineers to tackle larger, more important challenges. Session Jacob Bornemann
SDD329 - Separation of duties, least privilege, delegation, and CI/CD: IAM strategy for financial services Enhancements to AWS Identity and Access Management (IAM) and related services in the past year have made it safer and easier than ever to grant developers direct access to AWS. In this session, security and DevOps specialists share a new approach to automating IAM in AWS based on recent engagements with Global Financial Services customers. Learn how they've used CI/CD tools and techniques to enforce separation of duties, curtail human review of policy code, and delegate access to IAM while reducing the risk of unintended permissions escalation. Session Fritz Kunstler Alan Garver
SDD330 - Tax returns in the cloud: The journey of Intuit’s data platform With Amazon EC2, Amazon EBS, Amazon S3, AWS KMS, and more, Intuit’s data platform was able to meet the requirements of high availability and rapid infrastructure scaling for 100 percent of the tax year’s seasonal demands. In this session, Intuit answers questions such as: Which portions of a complex system can be forklifted directly? Which need to be reengineered? How can highly sensitive data be migrated and stored securely in AWS? Are operational best practices in AWS different than those on premises? Intuit shares its strategy for establishing sufficient confidence in your business partners and delivering 100 percent product uptime. Session Ben Covi Amit Matety
SDD331 - Evolving perimeters with guardrails, not gates: Improving developer agility In this session, Comcast discusses its AWS cloud governance strategy, focusing on self-service tooling and account management, and explaining how it improved the developer experience by leveraging federated identities, AWS Organizations, and AWS Identity and Access Management permissions boundaries. Session Charlie Hammell Christopher Power David Hocky
SDD333 - Achieving security goals with AWS CloudHSM This talk compares AWS CloudHSM to other AWS cryptography services for common use cases. We dive deep on how to build scalable, reliable workloads with CloudHSM, and we cover configuration of the service for performance, error resilience, and cross-region redundancy. Session Stephen Quigg Avni Rambhia
SDD334-L - Leadership session: Security deep dive In this session, Bill Reid, Senior Manager of Security Solutions Architects, and Bill Shinn, Senior Principal in the Office of the CISO, walk attendees through the ways in which security leadership and security best practices have evolved, with an emphasis on advanced tooling and features. Both speakers have provided frontline support on complex security and compliance questions posed by AWS customers; join them in this master class in cloud strategy and tactics. Session William Reid Bill Shinn
SDD335 - Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation of cloud automation at scale McGraw-Hill discusses how to effectively manage cloud operations for over 80 different agile DevOps teams by leveraging automated guardrails. In this talk, you learn about the challenges of running cloud operations at scale. Join us to learn what guardrails are, how you implement them at scale, and how they work across the entire cloud stack: networking, security, IAM, service whitelisting, OS hardening, and patching. Session Chinmay Tripathi Nathan Wallace
SDD336-R - [REPEAT] How to build secure, cross-account pipelines This builder session shows you how to build secure, cross-account pipelines for deploying applications from a central tools account to development, staging, and production accounts. This session focuses on how to leverage AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, AWS CodeDeploy, AWS KMS, and Amazon S3 to build secure pipelines across multiple AWS accounts. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Sarma Palli
SDD336-R1 - [REPEAT 1] How to build secure, cross-account pipelines This builder session shows you how to build secure, cross-account pipelines for deploying applications from a central tools account to development, staging, and production accounts. This session focuses on how to leverage AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, AWS CodeDeploy, AWS KMS, and Amazon S3 to build secure pipelines across multiple AWS accounts. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Sarma Palli
SDD336-R2 - [REPEAT 2] How to build secure, cross-account pipelines This builder session shows you how to build secure, cross-account pipelines for deploying applications from a central tools account to development, staging, and production accounts. This session focuses on how to leverage AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, AWS CodeDeploy, AWS KMS, and Amazon S3 to build secure pipelines across multiple AWS accounts. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Sarma Palli
SDD336-R3 - [REPEAT 3] How to build secure, cross-account pipelines This builder session shows you how to build secure, cross-account pipelines for deploying applications from a central tools account to development, staging, and production accounts. This session focuses on how to leverage AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, AWS CodeDeploy, AWS KMS, and Amazon S3 to build secure pipelines across multiple AWS accounts. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Seetarama Sarma
SDD336-R4 - [REPEAT 4] How to build secure, cross-account pipelines This builder session shows you how to build secure, cross-account pipelines for deploying applications from a central tools account to development, staging, and production accounts. This session focuses on how to leverage AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, AWS CodeDeploy, AWS KMS, and Amazon S3 to build secure pipelines across multiple AWS accounts. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Seetarama Sarma
SDD336-R5 - [REPEAT 5] How to build secure, cross-account pipelines This builder session shows you how to build secure, cross-account pipelines for deploying applications from a central tools account to development, staging, and production accounts. This session focuses on how to leverage AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, AWS CodeDeploy, AWS KMS, and Amazon S3 to build secure pipelines across multiple AWS accounts. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Builders Session Seetarama Sarma
SDD337 - Deploying critical Microsoft workloads on AWS at Capital One Capital One innovates by leveraging AWS managed services such as AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), Amazon RDS for SQL Server and EC2 to deploy critical Windows workloads securely in an automated fashion. In this session, attendees will learn how Capital One uses AWS Managed Microsoft AD with their on-premises domain to provide secure and highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. You also learn security best practices for setting up AWS Managed Microsoft AD including implementing MFA, AD Trust options, AWS account isolation, security log collection, and more. In addition, we detail how Capital One uses AWS Managed Microsoft AD and Lambda Functions to simplify and automate Windows workload deployments across multiple AWS accounts and Amazon VPCs. Session Vinod Madabushi Kenny Hill
SDD350-R1 - [REPEAT 1] Scale permissions management in AWS with attribute-based access control Central administrators need scalable mechanisms to set granular permissions as their organizations grow. In this session, we discuss how to scale permissions management by relying on workforce and resource attributes. We introduce attribute-based access control (ABAC) and share how AWS enables you to author permission rules that scale with your organization to simplify permissions management. We share best practices for using tags to implement ABAC; we demonstrate how administrators can create policies and govern tags to grant developers access to AWS resources in their projects; and we show how permissions automatically apply as developers add resources to their projects. It is assumed that attendees are familiar with AWS permissions. Session Brigid Johnson
SDD351-S - Build security into CI/CD pipelines for effective security automation on AWS Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization. Session Tim Prendergast
SDD352-S - Driven by security: MGM’s high-velocity cloud transformation As a leader in its industry, MGM Resorts is transforming into a digital business with an aggressive strategy for cloud adoption. Join Dan Meacham, Legendary Entertainment VP Global Security and Corporate Operations and McAfee VP of cloud engineering Slawomir Ligier to hear how MGM’s approach to securing its AWS environment accelerated that transformation. Topics covered in this session include MGM’s primary focus areas for securing AWS environments, how McAfee helped accelerate this transformation, and the process of building a cloud security platform that extended from on premises to the cloud. We also discuss how to gain visibility into all workloads, lateral threat movements, and protection against advanced attacks, as well as how to create a successful DevOps workflow that integrates security. Session Scott Howitt Rajiv Gupta
SDD353 - Cross-account encryption with AWS KMS and Slack Enterprise Key Management Slack stores lots of customer data, and it’s essential that it’s protected. Some customers need tight control over their keys, so Slack worked with AWS KMS to enable customers to revoke data access independently. With Slack’s Enterprise Key Management (EKM) capability, customers control master keys that unlock access to their data from KMS accounts. Using precise, granular KMS access controls, customers allow or deny access to individual channels, workspaces, or Slack channels and audit keys in AWS CloudTrail logs. This session covers KMS and how Slack used KMS to build the EKM capability. Learn how KMS can help you give your customers control over their data. Session Joe Norman Audrei Drummond
SDD401 - Securing enterprise-grade serverless applications Serverless is one of the most popular innovations in the cloud today. Join this session to learn how to secure enterprise-grade serverless applications. We cover the strategies you can use to build secure applications running on AWS Lambda and Amazon API Gateway. Then we review how you can audit and monitor your applications using tools like AWS Config and AWS X-Ray. Join us to see examples and learn best practices from AWS serverless experts. Session George Mao
SDD402 - Using the AWS Encryption SDK for multiple master key encryption Do you want client-side encryption for your software but don’t know where to start? In this hands-on workshop, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS Key Management Service (KMS) and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your software. This workshop covers the basic challenges of this domain; a best practice for protecting data end-to-end with client-side encryption; KMS-style services and their uses, including AWS KMS; the open-source, open-format AWS Encryption SDK; and considerations for advanced integrations, such as performance tradeoffs and high-availability strategies. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Liz Roth Jamie Angell
SDD403-R1 - [REPEAT 1] Building secure APIs in the cloud APIs provide a great opportunity for enterprises to quickly and easily develop and integrate applications. However, it’s a challenge to build enterprise-grade security measures into APIs in order to protect data and meet compliance requirements. In this workshop, you get hands-on experience applying security best practices to improve the security posture of APIs built on AWS. We examine best practices for security and many of the security features and services available on the AWS platform, including Amazon Cognito, AWS WAF, Amazon API Gateway input validation, API Gateway usage plans, API Gateway authentication and authorization, AWS X-Ray, and more. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Xiang Shen Kevin McCandless
SDD405-R - [REPEAT] Serverless identity management, authentication, and authorization In this workshop, you learn how to build a serverless microservices application demonstrating end-to-end authentication and authorization using Amazon Cognito, Amazon API Gateway, AWS Lambda, and all things IAM. You have the opportunity to build an end-to-end functional app with a secure identity provider showcasing user authentication patterns. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Lia Vader Justin Pirtle
SDD405-R1 - [REPEAT 1] Serverless identity management, authentication, and authorization In this workshop, you learn how to build a serverless microservices application demonstrating end-to-end authentication and authorization using Amazon Cognito, Amazon API Gateway, AWS Lambda, and all things IAM. You have the opportunity to build an end-to-end functional app with a secure identity provider showcasing user authentication patterns. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Lia Vader Justin Pirtle
SDD406-R - [REPEAT] Permissions boundaries: how to truly delegate permissions on AWS In this workshop, you learn how to secure access permissions for multiple teams operating in a single AWS account. We provide an example three-tier web application running in production, and you practice delegating permissions to web administrators so they can modify only their own resources without impacting the permissions needed to do their job. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Cameron Worrell Ilya Epshteyn
SDD406-R1 - [REPEAT 1] Permissions boundaries: how to truly delegate permissions on AWS In this workshop, you learn how to secure access permissions for multiple teams operating in a single AWS account. We provide an example three-tier web application running in production, and you practice delegating permissions to web administrators so they can modify only their own resources without impacting the permissions needed to do their job. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services. Workshop Cameron Worrell Ilya Epshteyn
SDD408 - DDoS attack detection at scale Distributed Denial of Service (DDoS) attacks seek to affect the availability of applications through network congestion, connection state exhaustion, and application stress. AWS distills exabytes of NetFlow data, application logs, and service health metrics to inform DDoS attack detection, reporting, and mitigation systems. In this session, learn how to access insights about the DDoS threat environment and attacks against your specific AWS resources through the AWS Management Console, API, and Amazon CloudWatch. Finally, learn how to use this information to automate notification and response. Session John Krah
SDD409 - Volkswagen’s security journey to the cloud: Building a platform for millions of vehicles Volkswagen has been building a solid digital ecosystem with over a hundred applications on AWS to serve millions of devices in vehicles and in manufacturing plants. In this session, the security architectural patterns learned during this journey are shared, including topics such as layered landing zone approaches, pipeline bootstrapping, safeguarding of AWS Lambda, outbound proxies, IPsec mesh, self-service jump hosts, AWS security group references, and security governance. Session Vesselin Tzetkov
SDD411 - Architecting security and governance through policy guardrails in Amazon EKS Amazon EKS makes it easy to run Kubernetes on AWS without managing master nodes or etcd operators. Kubernetes offers a powerful abstraction layer for managing containerized infrastructure, which presents unique challenges to AWS media customers. In this session, we share lessons from Synamedia, and we discuss its reasons for moving to EKS and the security and governance implications for migrating workloads. Learn about the approach and benefits for establishing security and governance with Open Policy Agent (OPA), which uses Kubernetes validating and mutating admission controllers to establish policy guardrails for container registries, input, load balancers, and other objects within EKS. Session Paavan Mistry Stephen Tallamy
SDD412 - Identity and access control for custom enterprise applications This session by the AWS Security Jam team looks at some Amazon Cognito patterns used by the Jam Platform. The team shares their experience building SSO-enabled internal apps with fine-grained role-based access control using an identity provider based on Security Assertion Markup Language (SAML) 2.0. Session Eran Medan
SDD413 - How GoDaddy protects ecommerce and domains with AWS KMS and encryption GoDaddy is a company full of builders, and its mission is to empower everyday entrepreneurs to be successful online. In this session, learn how its Cloud Center of Excellence team is setting new standards for security and data encryption on AWS. Learn how GoDaddy leverages AWS Key Management Service to enable distributed application teams to move quickly and securely and how it has used advanced encryption handling techniques to protect sensitive data (e.g., ecommerce) for its 18 million customers. Finally, learn how you can leverage GoDaddy’s open-source advanced encryption handling SDK to protect your company’s most sensitive assets. Session Edward Abrams Demetrius Comes
SDD414 - Achieving standardized tags on AWS resources across your accounts Tags allow customers to assign custom metadata to categorize AWS resources, and they make it easier to identify, manage, and search for resources at scale. Customers want to be able to standardize tags on resources across multiple accounts, because consistent tags provide greater confidence to leverage tags for critical use cases like access control and cost allocation. Join this session to learn how to define tagging rules, such as what tags are required on what resources and what values are allowed. Learn how to simplify the process of auditing resources and maintaining corporate governance to ensure that the right tags are on all of your important resources. Chalk Talk Winston Chiang Vijay Adhikari
SEJ001-R - [REPEAT] Security Jam We will provide the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? New to AWS? New to security? Or an expert in both? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. All you need to bring is your desire to learn and a laptop. Security Jam
SEJ001-R1 - [REPEAT 1] Security Jam We will provide the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? New to AWS? New to security? Or an expert in both? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. All you need to bring is your desire to learn and a laptop. Security Jam
SEJ001-R2 - [REPEAT 2] Security Jam We will provide the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? New to AWS? New to security? Or an expert in both? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. All you need to bring is your desire to learn and a laptop. Security Jam
SEP201 - The evolution of automated reasoning technology at AWS The Automated Reasoning Group strengthened the foundations of AWS and provided customers with tools to verify their own security posture. In this session, we'll discuss the evolution of automated reasoning technology at AWS and how it works in the services in which it is embedded, including Amazon S3, AWS Config, and Amazon Macie. Attendees also learn what's ahead for automated reasoning at AWS and the customer problems it continues to solve in the security and broader cloud space. Session Eric Brandwine Neha Rungta
SEP202 - Beyond security & compliance, with healthcare compliance analytics Organizations are moving to the cloud and transitioning more of their business and operations to real-time, highly integrated systems. As threats become more complex and context-dependent, the platforms that protect institutions become all the more critical for their success. In this session, learn how Protenus is using the AWS cloud computing platform to change the security and compliance strategies of large healthcare organizations across the country. Discover how, by leveraging AI to save time, Protenus is able to focus on what's strategically important and gain deep visibility into risks across their electronic systems. Session Peter Greene Robert Lord
SEP203 - Leverage the security & resiliency of the cloud & IoT for industry use cases This non-technical two-hour Internet of Things (IoT) tabletop exercise benefits business and technology leaders and regulators in the Energy, Oil and Gas, Transportation, Healthcare, Financial, and Manufacturing sectors. Through discussion of a simulated cyber IoT incident, you explore required capabilities and processes. You learn how to leverage AWS for security, high availability, incident response, and continuity of operations for systems that include IoT. You also discuss the advantages of cloud security and resiliency over traditional on-premises environments to understand your opportunities. Finally, the effectiveness of international cybersecurity frameworks in improving an organization’s posture is highlighted. No laptops required. Workshop Momena Cheema Michael South
SEP204 - Privacy, ethics, and engineering in emerging technology In this session, both customer and AWS speakers discuss how organizations incorporate privacy protections into the design of their products and services (i.e., privacy by design). It also covers how they use privacy-enhancing technologies to protect their customers’ personal data. Learn about the impact that the regulatory environment and ethics considerations have on engineering and emerging technology development and adoption. Session Jonathan Jenkyn Matt Hillary