In this talk, Mark will be discussing his 5+ years at Riot Games, where the InfoSec team has developed a security program (https://engineering.riotgames.com/news/evolution-security-riot) based on feedback and self-service, across a truly hybrid infrastructure.
Starting with a recap of his 2015 BruCON talk (Feedback Security), Mark will dive into where the team failed and succeeded in the years since the talk. He will dive into areas such as:
- internal RFCs
- developer education & collaboration on solutions
- receiving feedback when the team don't hit the bar and acting on it
- in-house tools designed and developed to provide visibility into the security posture of AWS
- open-sourcing tools and contributing to other open-source projects
An attendee should:
- see some pretty cool art (not created by Mark, obviously)
- understand where the Riot InfoSec team failed and succeeded
- learn about a self-service, feedback-driven approach to security, where the InfoSec team is embraced, not hated
Disclaimer :: There will be no cool exploits, 0days or buffer overloads in this talk.