Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Leveling Up Security @ Riot Games :: BruCon 2015

Mark Hillick
October 08, 2015
Technology
0
530

Leveling Up Security @ Riot Games :: BruCon 2015

In his talk, Mark discusses his 2+ years at Riot Games. He explains:

- How the program was assessed
- What gaps were identified
- How the team has closed those gaps
- What the team has learned (including successes as well as failures)
- Where the Riot InfoSec team is headed

Warning: There will be no 0days in this talk :)

YouTube Link :: https://www.youtube.com/watch?v=7Y8iLXkyD7w

Mark Hillick

October 08, 2015
Tweet

More Decks by Mark Hillick

See All by Mark Hillick
Digital Safety for Parents
markofu
0
130
Do you even tech anymore?
markofu
0
83
Leveling Up Security :: 2015 v 2018
markofu
0
320
Security Change Through Feedback
markofu
0
100
Feedback Security
markofu
2
260
Team Building @ Riot
markofu
0
93
Social Security @ Riot
markofu
0
330
Securing your MongoDB Implementation
markofu
0
190
Using MongoDB Monitoring Service (MMS)
markofu
0
130

Other Decks in Technology

See All in Technology
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
310
Amazon Personalizeの レコメンドシステム構築、実際何するの? 〜大体10分で具体的なイメージをつかむ〜
kniino
1
100
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
130
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
400
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
300
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k

Featured

See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Code Reviewing Like a Champion
maltzj
520
39k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
How to Think Like a Performance Engineer
csswizardry
20
1.1k
GraphQLとの向き合い方2022年版
quramy
43
13k
Visualization
eitanlees
145
15k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Done Done
chrislema
181
16k
Building an army of robots
kneath
302
43k

Transcript

  1. Leveling Up Security @ Riot Games

  2. AGENDA Final Boss? Game of Security Level Up Who

  3. WHO AM I { “contact”: { “email”: “[email protected]”, “twitter”: “@markofu”

    }, “work”: {”Riot Games”: ”LoL” , ”cert” : {”GIAC GSE”: true}, ”life”: {”Everything”: ”busy”} }, “tags”: [ {”infosec”: 1}, {”challenge”: 1}, {”IR”: 1}, {”growth”: 1}, {”scale”: 1}, {”tons of damage”: 1}, {”fun”: 1}, {”DDoS”: 1} ], “learning”: [ {”Riot”: true} , {”Industry”: ”so much change”}, {”Sharing”: true} ] }

  4. WHO AM I REALLY

  5. 2,000+ RIOTERS IN 17 OFFICES

  6. TEAMWORK

  7. 67MILLION MONTHLY ACTIVE PLAYERS MORE THAN 27MILLION DAILY ACTIVE PLAYERS

    MORE THAN 7.5MILLION PEAK CONCURRENT PLAYERS
  8. None

  9. Aspire

  10. None

  11. AGENDA Final Boss? Game of Security Level Up Who

  12. MOVE FAST - GOALS AGILITY SECURITY QUALITY

  13. What brought us agility also brought us the Wild Wild

    West of Computing

  14. VPC VPC VPC 1 # of VPNs AWS (1)

  15. VPC VPC VPC 40 # of VPNs AWS (2)

  16. !! # of VPNs VPC VPC VPC AWS (3)

  17. None
  18. None
  19. None
  20. None
  21. None

  22. AGENDA Final Boss? Level Up Who Game of Security

  23. SUPPORT

  24. Socialise Alignment Visibility RAISE THAT LEVEL

  25. None
  26. None

  27. AWARENESS

  28. SECURE CODE

  29. SECURITY WEEK

  30. RFCs

  31. RED TEAM

  32. SECURE OFFICE

  33. OFFICE AS CODE { "offices": [ { "id" : "1",

    "code" : "LAX1", "aliases" : [ "LAX" , ”SoCal", "Santa Monica" ], "city" : "Los Angeles", "country" : "USA", "esports" : "false", "secure" : "true", "external_ip" : [ ”1.1.1.1/32", ”2.2.2.2/32" ] } ] }

  34. VISIBILITY

  35. VISIBILITY MATRIX Proprietary AWS Audit ; Sightstone ; Network Scanner

  36. None
  37. None
  38. None
  39. None

  40. AGENDA Final Boss? Game of Security Level Up Who

  41. FINAL BOSS

  42. ALL THE THINGS

  43. Hiring Standards & Verify Tools FUTURES

  44. Outreach // Outreach // Outreach // Outreach FUTURES (2)

  45. None

  46. THUNDERDOME

  47. -   RUNNING TO STAY STILL – DON’T

  48. REACH OUT

  49. Engage, Align & Support Learn & Iterate Remember Your Audience

    CONCLUSION

  50. QUESTIONS