AWS re:Inforce 2021 — the virtual security, identify, and compliance conference from AWS — is underway today. (And totally free to attend/watch.)
Due to COVID-19 concerns, the event made the switch from two days of in-person learning in Houston to a single day of online-only activity. On the positive side, it means the event is free . . . and you don’t have to travel to Houston. (Kidding!)
To capture a sense of the chit-chat and scuttlebutt that would accompany an in-person event, here are a few highlights from the Twitter-verse during this morning’s keynote session. Conversations included talk of the state of cloud security (and security professionals’ mental health), the newly announced AWS Backup Audit Manager, and plenty of nuggets of cloud security wisdom.
Scroll away! It’s just like being at a conference. (But without the bland catering and the awkward moment when you have to sneak a glance at the badge of the friendly person who somehow remembers you, what you do, and your cat’s name after a brief chat at the conference last year.)
.@aselipsky kicks off #awscloud #reInforce by promising to share "tactics and strategies to help you keep your systems protected." It's a reminder that security is your responsibility, not the cloud's.
— Daniel Bowers (@Daniel_Bowers) August 24, 2021
#reinforce: @StephenSchmidt acknowledges that the increase in remote workers has made security professionals increasingly uncomfortable – Mild understatement!
— Stephen Sennett (@ssennettau) August 24, 2021
nice shout out from @StephenSchmidt to the #security community to make sure that we have a clear demarcation between work and home…need it to avoid burnout@awscloud #reinforce pic.twitter.com/OnqMTUeGjZ
— Mark Nunnikhoven (@marknca) August 24, 2021
Ooh, new service. Backups are great, but can you demonstrate that they're backing things up?
— Corey Quinn (@QuinnyPig) August 24, 2021
I like this very much, because nobody cares about backups. They care about restores. pic.twitter.com/2S6hcNIJ6t
btw, every one of these 👆 issues is the SECURITY TEAM’s problem…not the users
— Mark Nunnikhoven (@marknca) August 24, 2021
we need to do a lot better at education and building systems with delightful #ux@awscloud #reinforce
Detecting S3 buckets with public read permissions is the "Hello, World" of cloud security. #reinforce
— Daniel Bowers (@Daniel_Bowers) August 24, 2021
Make reviewing permissions part of your IAM program. Do it at a regular cadence. Your business changes, your security needs & access will change too.
— Michael Chan (@mchancloud) August 24, 2021
#reinforce Stephen is delivering a security masterclass right now at aws virtual reinforce https://t.co/rfjZsnfFMA
— John Furrier (@furrier) August 24, 2021
HBO Max's CISO is Brian Lozada. He says that they didn't want fear of security incidents get in the way of innovation. Security fears don't get to dictate their tempo, customers do. This is A+ CISOing in my view.
— The Scale Factory (@scalefactory) August 24, 2021
"Everyone here is an automation away from updating their résumé." Now that's a bold thing for a tech leader to say. I approve!
— Corey Quinn (@QuinnyPig) August 24, 2021
"Because no one accidentally starts learning about compliance regulation" @StephenSchmidt – Truest comment of the event so far #reinforce
— Stephen Sennett (@ssennettau) August 24, 2021
re:Inforce leadership sessions will continue throughout the day, including talks on threat detection & incident response and identity & access management. View the agenda here.
Who to follow in cloud
Looking for more conversations around all things cloud and tech? Check out ACG’s lists of builders you should be following (on social media — not in real life, please):
- 21 AWS builders to follow
- 21 Azure builders to follow
- 21 GCP builders to follow
- 21 DevOps builders to follow
Free AWS security resources
If re:Inforce has you thinking about security, check out this month’s free ACG courses, which include AWS Security Essentials and How to Properly Secure an S3 Bucket.
Also, check out these recent posts around security from the ACG blog:
- Ransomware and AWS: 6 ways to reduce your blast radius
- 12 AWS Config rules that every account should have
- How to audit and secure an AWS account
- Shift AWS security left: 10 ways to empower your developers
- Compliace is cumbersome (cloud can help)
Lock down your AWS security skills.
Want to level up your cloud security skills? Dig into ACG’s massive library of hands-on cloud learning.