Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Leveling Up Security @ Riot Games :: BruCon 2015

Mark Hillick
October 08, 2015
Technology
0
530

Leveling Up Security @ Riot Games :: BruCon 2015

In his talk, Mark discusses his 2+ years at Riot Games. He explains:

- How the program was assessed
- What gaps were identified
- How the team has closed those gaps
- What the team has learned (including successes as well as failures)
- Where the Riot InfoSec team is headed

Warning: There will be no 0days in this talk :)

YouTube Link :: https://www.youtube.com/watch?v=7Y8iLXkyD7w

Mark Hillick

October 08, 2015
Tweet

More Decks by Mark Hillick

See All by Mark Hillick
Digital Safety for Parents
markofu
0
93
Do you even tech anymore?
markofu
0
77
Leveling Up Security :: 2015 v 2018
markofu
0
300
Security Change Through Feedback
markofu
0
94
Feedback Security
markofu
2
250
Team Building @ Riot
markofu
0
82
Social Security @ Riot
markofu
0
310
Securing your MongoDB Implementation
markofu
0
180
Using MongoDB Monitoring Service (MMS)
markofu
0
120

Other Decks in Technology

See All in Technology
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
330
Databricks における 『MLOps』
databricksjapan
2
140
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
170
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
340
コードを書く隙間を見つけて生きていく技術/Findy 思考の現在地
fujiwara3
24
5.2k
なぜ NOT A HOTEL が Web3 に取り組むのか - NOT A HOTEL TECH TALK
ynunokawa
0
160
自動生成を活用した、運用保守コストを抑える Error/Alert/Runbook の一元集約管理 / Centralized management of Error/Alert/Runbook to minimize operational costs using automated code generation
biwashi
9
2.1k
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
710
"好き"との生活/Regularly update profile with GitHub Actions
judeeeee
0
150
クラウドサインにおけるプロダクトマネージャーの役割と開発プロセス / 20240410_cloudsign-PdM
bengo4com
1
680
**強い**エンジニアのなり方 - フィードバックサイクルを勝ち取る / grow one day each day
soudai
61
18k
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
4
110

Featured

See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
120
16k
Why Our Code Smells
bkeepers
PRO
331
56k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
1.3k
Ruby is Unlike a Banana
tanoku
96
10k
Building Your Own Lightsaber
phodgson
98
5.7k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Web Components: a chance to create the future
zenorocha
305
41k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Rebuilding a faster, lazier Slack
samanthasiow
72
8.2k
Build your cross-platform service in a week with App Engine
jlugia
225
17k

Transcript

  1. Leveling Up Security @ Riot Games

  2. AGENDA Final Boss? Game of Security Level Up Who

  3. WHO AM I { “contact”: { “email”: “[email protected]”, “twitter”: “@markofu”

    }, “work”: {”Riot Games”: ”LoL” , ”cert” : {”GIAC GSE”: true}, ”life”: {”Everything”: ”busy”} }, “tags”: [ {”infosec”: 1}, {”challenge”: 1}, {”IR”: 1}, {”growth”: 1}, {”scale”: 1}, {”tons of damage”: 1}, {”fun”: 1}, {”DDoS”: 1} ], “learning”: [ {”Riot”: true} , {”Industry”: ”so much change”}, {”Sharing”: true} ] }

  4. WHO AM I REALLY

  5. 2,000+ RIOTERS IN 17 OFFICES

  6. TEAMWORK

  7. 67MILLION MONTHLY ACTIVE PLAYERS MORE THAN 27MILLION DAILY ACTIVE PLAYERS

    MORE THAN 7.5MILLION PEAK CONCURRENT PLAYERS
  8. None

  9. Aspire

  10. None

  11. AGENDA Final Boss? Game of Security Level Up Who

  12. MOVE FAST - GOALS AGILITY SECURITY QUALITY

  13. What brought us agility also brought us the Wild Wild

    West of Computing

  14. VPC VPC VPC 1 # of VPNs AWS (1)

  15. VPC VPC VPC 40 # of VPNs AWS (2)

  16. !! # of VPNs VPC VPC VPC AWS (3)

  17. None
  18. None
  19. None
  20. None
  21. None

  22. AGENDA Final Boss? Level Up Who Game of Security

  23. SUPPORT

  24. Socialise Alignment Visibility RAISE THAT LEVEL

  25. None
  26. None

  27. AWARENESS

  28. SECURE CODE

  29. SECURITY WEEK

  30. RFCs

  31. RED TEAM

  32. SECURE OFFICE

  33. OFFICE AS CODE { "offices": [ { "id" : "1",

    "code" : "LAX1", "aliases" : [ "LAX" , ”SoCal", "Santa Monica" ], "city" : "Los Angeles", "country" : "USA", "esports" : "false", "secure" : "true", "external_ip" : [ ”1.1.1.1/32", ”2.2.2.2/32" ] } ] }

  34. VISIBILITY

  35. VISIBILITY MATRIX Proprietary AWS Audit ; Sightstone ; Network Scanner

  36. None
  37. None
  38. None
  39. None

  40. AGENDA Final Boss? Game of Security Level Up Who

  41. FINAL BOSS

  42. ALL THE THINGS

  43. Hiring Standards & Verify Tools FUTURES

  44. Outreach // Outreach // Outreach // Outreach FUTURES (2)

  45. None

  46. THUNDERDOME

  47. -   RUNNING TO STAY STILL – DON’T

  48. REACH OUT

  49. Engage, Align & Support Learn & Iterate Remember Your Audience

    CONCLUSION

  50. QUESTIONS