The AWS Security Week will cover the security topics that you need to successfully launch secure applications on AWS.

You will learn security based practices on such diverse topics as Identity and Access Management, Encryption, Network Layer Security, Security Automation at Scale, Logging and Monitoring, Resiliency and DDoS protection. These topics will be explored in the context of common cloud architectures such as serverless architectures and 3-tiered applications.

Classes, demos, and labs will be led by seasoned security professionals from AWS, who will help you get to grips with not just the basics, but also the nuances of building applications in the cloud in a robust and secure manner. Popular “Ask the Experts” sessions will give you one-on-one time with our AWS security professionals.

New this year, Security Week will begin with a Prep Day, where we will offer pre-requisite training and setup help to ensure that you are ready to take full advantage of the labs and demos. By the end of the week you’ll have a solid understanding of the security aspects you need in order to deploy applications and services into the cloud securely.

Pre-requisites

Participation in this event requires:

1. A valid, usable AWS account with admin privileges

2. Some familiarity with the AWS console, AWS CLI and AWS SDK (the Prep Day setup session covers all three)

3. Installation of the AWS Python SDK and CLI ahead of time

4. A laptop from which you can reach the AWS console, the AWS CLI and the AWS SDKs

5. Optional: a domain you have pre-registered, or the ability to register a domain name on Day 1, which you will be able to use (and modify) during the event

Agenda

AWS Security Training & Preparation | Monday, August 7 | 9:00AM-6:00PM

9:00AM-10:00AM | Check-In

10:00AM-10:15AM | Welcome & Introduction to AWS Security

10:15AM-12:30PM | AWS Security Fundamentals: This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. Level: 100

12:30PM-1:30PM | Lunch Break (lunch will be provided)

1:30PM-3:30PM | Hands-on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto3: Our experts will guide you in setting up and understanding these Security Week pre-requisites:

AWS Management Console: facilitates cloud management for all aspects of your AWS account, including monitoring your monthly spending by service, managing security credentials, or even setting up new IAM Users.

AWS Command Line Interface (CLI): an open source tool built on top of the AWS SDK for Python (Boto) that provides commands for interacting with AWS services. With minimal configuration, you can start using all of the functionality provided by the AWS Management Console from your favorite terminal program.

Boto3: the AWS SDK for Python. Boto3 makes it easy to integrate your Python application, library, or script with AWS services including Amazon S3, Amazon EC2, Amazon DynamoDB, and more.

Optional: register a domain name to use and modify during the event.

Level: 100

3:30PM-6:00PM | Wrap up & Ask the Experts

Introduction to AWS Security | Tuesday, August 8 | 9:00AM-5:30PM

9:00AM-10:00AM | Check-In & Ask the Experts: We will open an hour early to offer assistance with setup and prep for the day’s demos and labs.

10:00AM-10:15AM | Welcome & Introduction to AWS Security

10:15AM-11:00AM | Keynote Speaker: Eugune Yu, AWS Professional Services Practice Manager. Level: 100

11:00AM-11:45AM | Voice of the Customer: Autodesk. Level: 100

IAM and Resource management using SAML Federation and unified tagging standards

Centralized logging and alerting using CloudTrail and Config

Mock incident response walk-through from detection to remediation

11:45AM-12:30PM | Introduction to the Security Perspective of the Cloud Adoption Framework (CAF): The Security Perspective of the AWS Cloud Adoption Framework provides a path to maturity via a structured program that incorporates best practices and processes for defining, building and optimizing how you operate security controls on the AWS platform. The Security Perspective of the CAF provides five core foundational themes designed to help you structure your selection and implementation of the controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident Response. During this session we address how to put the Security Perspective of the CAF into practice, and the afternoon agenda then dives deep into each of the individual core topics. Level: 100

12:30PM-1:30PM | Lunch Break (lunch will be provided)

1:30PM-2:15PM | Identity and Access Management: The First Step in AWS Security: IAM is first in the Security CAF because in the cloud you first grant access and only then can you provision infrastructure (the opposite of on-prem). In this session we’ll cover how to define fine-grained access to AWS resources via users, roles and groups; designing privileged-user and multi-factor authentication mechanisms; and how to operate IAM at scale. Level: 200

2:15PM-3:00PM | Detective Controls: Gain Visibility and Record Change: After IAM you want Detective Controls in place to gain visibility into your deployments. In this session we’ll cover visibility at the AWS platform, application, operating system and network levels, and how to build monitoring solutions at scale, leveraging AWS services that turn logging data into security insight. Level: 200
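As an added illustration of the detective-controls idea in this session, and of the CloudTrail-based logging and alerting that recurs later in the agenda (this is example code written for this page, not part of the Security Week materials): a small set of rules that turns CloudTrail management events into findings. The records below are constructed for the example; the field names (eventSource, eventName, userIdentity, additionalEventData, responseElements) follow the real CloudTrail record format, but the event IDs, ARNs and trail name are placeholders.

```python
"""Detective controls: turn CloudTrail records into security findings.

Added example, not part of the Security Week materials. Field names follow
the CloudTrail record format; the records, account ID and ARNs are constructed.
"""
import json

# Constructed, abbreviated CloudTrail records. In practice these come from the
# gzip'd JSON objects CloudTrail delivers to S3, shaped as {"Records": [...]}.
SAMPLE_EVENTS = [
    {"eventID": "e1", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e2", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops"},
     "requestParameters": {"name": "org-trail"}},
    {"eventID": "e3", "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {"userName": "dev",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventID": "e4", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"}},
    {"eventID": "e5", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
]

# API calls that blind or weaken the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# IAM calls that hand out new permissions or credentials.
IAM_PRIVILEGE_CHANGES = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
                         "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy",
                         "CreatePolicyVersion", "UpdateAssumeRolePolicy", "CreateAccessKey"}


def rule_root_activity(ev):
    """Any API call made with root credentials; root should be locked away."""
    return ev.get("userIdentity", {}).get("type") == "Root"


def rule_console_login_without_mfa(ev):
    """Successful console sign-in where no MFA factor was presented."""
    return (ev.get("eventName") == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and ev.get("additionalEventData", {}).get("MFAUsed") == "No")


def rule_trail_tampering(ev):
    return (ev.get("eventSource") == "cloudtrail.amazonaws.com"
            and ev.get("eventName") in TRAIL_TAMPERING)


def rule_iam_privilege_change(ev):
    return (ev.get("eventSource") == "iam.amazonaws.com"
            and ev.get("eventName") in IAM_PRIVILEGE_CHANGES)


RULES = {
    "root_activity": rule_root_activity,
    "console_login_without_mfa": rule_console_login_without_mfa,
    "trail_tampering": rule_trail_tampering,
    "iam_privilege_change": rule_iam_privilege_change,
}


def load_records(text):
    """Parse a CloudTrail delivery file body ({"Records": [...]}) or a bare list."""
    data = json.loads(text)
    return data["Records"] if isinstance(data, dict) else data


def detect(events):
    """Run every rule over every event; one finding per (rule, event) match."""
    findings = []
    for ev in events:
        for name, predicate in RULES.items():
            if predicate(ev):
                findings.append({"rule": name, "eventID": ev.get("eventID"),
                                 "eventName": ev.get("eventName"),
                                 "actor": ev.get("userIdentity", {}).get("arn")})
    return findings


if __name__ == "__main__":
    for f in detect(load_records(json.dumps({"Records": SAMPLE_EVENTS}))):
        print(f"[{f['rule']}] {f['eventName']} by {f['actor']} ({f['eventID']})")
```

Each rule is a plain predicate over one record, so the same set can run inside a Lambda subscribed to the CloudTrail bucket or over an S3 backfill; the trail-tampering rule is the one to wire to a pager, since it is how an attacker switches the other rules off.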

3:00PM-3:15PM | Break

3:15PM-4:00PM | Infrastructure Security: Your Minimum Security Baseline: After IAM and Detective Controls you’ll turn to Infrastructure Security, which means tuning AWS service configurations, AMI composition, and hardening the other digital assets that will be deployed. We will cover how to define networking architecture (e.g. VPC, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows; and how to set a vulnerability management and operational maintenance cadence. Level: 200

4:00PM-4:45PM | Data Protection in Transit and at Rest: With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements. Level: 200

4:45PM-5:30PM | Incident Response: Preparing and Simulating Threat Response: Once you have built and deployed security infrastructure and automated key aspects of security operations, you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure they work in a cloud environment; and ways to test your plan early and often. Level: 200

SecOps & Serverless | Wednesday, August 9 | 9:00AM-6:00PM

9:00AM-10:00AM | Check-In & Ask the Experts: We will open an hour early to offer assistance with setup and prep for the day’s demos and labs.

10:00AM-11:00AM | Threat Stack Session: A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution: Join us to learn what it takes to accomplish both security and speed in your AWS environment - beyond the basics. We will walk through real-world examples of contention and collaboration points common in organizations running continuous delivery models. Additionally, we’ll offer simple tips for auditing, monitoring and investigating suspicious activity across users, processes, network connections, and file access. By implementing the best practices discussed, you will:

(1) Be able to quickly differentiate between security issues and day-to-day activity

(2) Cut down your mean time to detection and response

(3) Minimize disruption from security to IT operations

11:00AM-11:45AM | Netflix's Strategy for Continuous IAM Permission Adjustment: At Netflix we manage thousands of IAM roles across dozens of AWS accounts. As members of the security operations team we want to enable rapid development but also limit permissions according to the principle of least privilege. To balance these goals we have adopted an approach where we automatically remove unused permissions. During this talk we will discuss our strategy for automatically managing permissions and the value we've already seen from doing so, demo the tools we've created, and outline our next steps. Level: 200
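To make the "remove unused permissions" idea concrete, here is an added example written for this page; it is not Netflix's tooling and does not claim to reproduce it. POLICY is a constructed role policy and OBSERVED_ACTIONS a constructed set of "service:Action" pairs of the kind you would aggregate per role from CloudTrail; MIN_OBSERVATION_DAYS is an assumed safety threshold.

```python
"""Least privilege by subtraction: drop IAM actions a role has not used.

Added example, not Netflix's tooling. POLICY and OBSERVED_ACTIONS are
constructed; the 90-day minimum observation window is an assumption.
"""
import copy
from fnmatch import fnmatchcase

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "dynamodb:*", "sqs:SendMessage"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

# Actions actually seen for this role during the window. Caveat: CloudTrail
# logs management events by default; S3 object-level calls such as GetObject
# only appear if data events are enabled, so a naive join would wrongly flag
# them as unused and prune a permission the application depends on.
OBSERVED_ACTIONS = {"s3:GetObject", "dynamodb:GetItem", "dynamodb:Query"}
MIN_OBSERVATION_DAYS = 90


def _as_list(value):
    return value if isinstance(value, list) else [value]


def matching_observed(pattern, observed):
    """IAM action matching is case-insensitive and supports * wildcards."""
    return sorted(a for a in observed if fnmatchcase(a.lower(), pattern.lower()))


def prune_policy(policy, observed, days_observed):
    """Return (new_policy, report). Only Allow statements are narrowed; Deny
    statements are kept verbatim. Refuses to act on too short a window."""
    if days_observed < MIN_OBSERVATION_DAYS:
        raise ValueError(f"need {MIN_OBSERVATION_DAYS} days of data, have {days_observed}")
    new_policy = copy.deepcopy(policy)
    report = {"removed": [], "narrowed": {}}
    statements = []
    for stmt in new_policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            statements.append(stmt)
            continue
        kept = []
        for action in _as_list(stmt["Action"]):
            used = matching_observed(action, observed)
            if not used:
                report["removed"].append(action)
            elif "*" in action:
                # Replace a wildcard with the concrete actions that were used.
                report["narrowed"][action] = used
                kept.extend(used)
            else:
                kept.append(action)
        kept = list(dict.fromkeys(kept))       # de-duplicate, keep order
        if kept:                               # drop statements left empty
            stmt["Action"] = kept
            statements.append(stmt)
    new_policy["Statement"] = statements
    return new_policy, report


if __name__ == "__main__":
    tightened, report = prune_policy(POLICY, OBSERVED_ACTIONS, days_observed=120)
    print("removed:", report["removed"])
    print("narrowed:", report["narrowed"])
    print("new actions:", tightened["Statement"][0]["Action"])
```

The report, not the new policy, is what a human should review: a removed action that is only exercised in a yearly batch job, or one hidden behind unlogged data events, is the classic false positive, which is why the window is enforced and wildcards are narrowed to observed actions rather than deleted outright.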

11:45AM-12:30PM | DevSecOps Introduction: Today’s cutting-edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share how AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization. Level: 100

12:30PM-1:30PM | Lunch Break (lunch will be provided)

1:30PM-3:30PM | Threat Stack Workshop: Stop Wasting Your Time: Focus on Security Practices that Actually Matter: There’s no shortage of noise about cybersecurity. Between the sheer number of vendors and daily news coverage of the next big vulnerability or breach, it’s easy to start feeling directionless and reactive. However, there are ways to cut through the noise. The first step is understanding how companies are actually getting breached, not just the ones you hear about in the media. Then you can create a strategy that’s tailored to your risk profile and attack surface. You’ll leave this session with an understanding of how to measure your risk, devise a realistic defense strategy, and deploy high-impact security, no matter your budget or time crunch.

3:30PM-3:45PM | Break

3:45PM-4:30PM | Best Practices for SecOps on AWS: To help prevent unexpected access to your AWS resources, it is critical to maintain strong identity and access policies. It is equally important to track and alert on changes to your AWS resources. In this tech talk, you will learn how to use AWS Identity and Access Management (IAM) to control access to your AWS resources and integrate your existing authentication system with AWS IAM. We will cover how you can deploy and control your AWS infrastructure using code templates, including change management policies with AWS CloudFormation. In addition, we will explore different options for managing both your AWS access logs and your Amazon Elastic Compute Cloud (EC2) system logs using Amazon CloudWatch Logs. We also will cover how to use these logs to implement an audit and compliance validation process using services such as AWS Config, AWS CloudTrail, and Amazon Inspector. Level: 200

4:30PM-5:15PM | Cloud-Native DDoS Attack Mitigation: Mitigating Distributed Denial of Service (DDoS) attacks to protect the availability of an application has historically required expensive hardware, scaling of fixed capacity, or the enlistment of third-party DDoS mitigation services. Today, AWS provides customers with the tools to build applications that are automatically protected against DDoS attacks without having to invest in costly infrastructure, route traffic externally, or accept performance trade-offs. In this session, attendees will learn simple techniques for building DDoS-resilient applications, monitoring and alarming on the presence of DDoS attacks, and responding to events in progress. Level: 200

AWS Security Master Classes | Thursday, August 10 | 9:00AM-6:00PM

9:00AM-10:00AM | Check-In: We will open an hour early to offer assistance with setup and prep for the day’s demos and labs.

10:00AM-10:15AM | Welcome & Introduction

10:15AM-11:00AM | Netflix Cloud Security Overview: In this talk, Will Bengtson from Netflix will go over their security strategy and some of the approaches Netflix uses to protect its customers and service. Get a firsthand look at how Netflix approaches security in an environment supporting thousands of independent microservices across multiple AWS accounts. Level: 100

11:00AM-11:45AM | Become an IAM Policy Ninja: We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type. Level: 200
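The two use cases named in this abstract, scoped S3 access and launching only a specific EC2 instance type, are worked through below as an added example written for this page (not the session's own material). The account ID, bucket name and region are placeholders; the condition keys (s3:prefix, ec2:InstanceType, aws:MultiFactorAuthPresent) and the ${aws:username} policy variable are real IAM features. The linter that follows the policy is a simple static check for the patterns that most often defeat least privilege.

```python
"""A least-privilege IAM policy with conditions, and a linter for over-reach.

Added example, not material from the session. Account ID, bucket and region
are placeholders. The condition keys (s3:prefix, ec2:InstanceType,
aws:MultiFactorAuthPresent) and the ${aws:username} variable are real.
"""
import json
from fnmatch import fnmatchcase

ACCOUNT, REGION, BUCKET = "111122223333", "us-east-1", "example-team-bucket"

LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # Each user may list only their own prefix of the shared bucket...
        {"Sid": "ListOwnPrefix", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": {"StringLike": {"s3:prefix": ["", "home/${aws:username}/*"]}}},
        # ...and read/write objects only under it.
        {"Sid": "RwOwnObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/home/${{aws:username}}/*"},
        # ec2:InstanceType is only evaluated against the instance resource, and the
        # MFA key is absent (so Bool true fails) for plain long-term access keys.
        {"Sid": "RunSmallInstances", "Effect": "Allow", "Action": "ec2:RunInstances",
         "Resource": f"arn:aws:ec2:{REGION}:{ACCOUNT}:instance/*",
         "Condition": {"StringEquals": {"ec2:InstanceType": ["t2.micro", "t2.small"]},
                       "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        # RunInstances also touches these resources; they need a statement without
        # the instance-type key or the whole call is denied.
        {"Sid": "RunInstancesDependencies", "Effect": "Allow", "Action": "ec2:RunInstances",
         "Resource": [f"arn:aws:ec2:{REGION}::image/ami-*",
                      f"arn:aws:ec2:{REGION}:{ACCOUNT}:subnet/*",
                      f"arn:aws:ec2:{REGION}:{ACCOUNT}:network-interface/*",
                      f"arn:aws:ec2:{REGION}:{ACCOUNT}:volume/*",
                      f"arn:aws:ec2:{REGION}:{ACCOUNT}:security-group/*",
                      f"arn:aws:ec2:{REGION}:{ACCOUNT}:key-pair/*"]},
    ],
}

# Deliberately over-broad, to show what the linter catches.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    ],
}

# Actions that let a principal grow beyond what it holds today.
ESCALATION_PATTERNS = ["iam:PassRole", "iam:Create*", "iam:Attach*", "iam:Put*", "sts:AssumeRole"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (sid-or-index, message) findings for every Allow statement."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        tag = stmt.get("Sid", f"#{i}")
        actions = _as_list(stmt.get("Action", []))
        if "NotAction" in stmt:
            findings.append((tag, "NotAction allows everything not listed; use an explicit Action list"))
        if "*" in actions:
            findings.append((tag, "Action '*' grants every API in every service"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((tag, "service-wide wildcard action"))
        if "*" in _as_list(stmt.get("Resource", [])) and "Condition" not in stmt:
            findings.append((tag, "Resource '*' with no Condition"))
        mfa = stmt.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        for a in actions:
            if any(fnmatchcase(a, p) for p in ESCALATION_PATTERNS) and str(mfa).lower() != "true":
                findings.append((tag, f"{a} can escalate privilege and is not gated on MFA"))
    return findings


if __name__ == "__main__":
    print(json.dumps(LEAST_PRIVILEGE_POLICY, indent=2))
    for tag, msg in lint_policy(OVERBROAD_POLICY):
        print(f"{tag}: {msg}")
```

The split of ec2:RunInstances across two statements is the nuance that trips people up in practice: a condition key that a resource type does not carry makes the statement silently not apply to that resource, so the launch is denied and the error gives no hint why.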

11:45AM-12:30PM | Application Resiliency: A multi-Availability Zone (AZ), multi-region strategy of resource allocation helps ensure resilience to large scale events, such as system failure and DDoS attacks. In this session we will look at the services and features that can be used to enable wide-scale deployment of fault tolerant systems. We’ll use services like Amazon ELB, auto-scaling, and VPC security groups. Level: 200

12:30PM-1:30PM | Lunch Break (lunch will be provided)

1:30PM-2:15PM | Toward Full Stack Security: AWS provides tools to improve your security posture by offering ways of implementing detective and reactive controls that detect and remediate security threats. We’ll look at the various services and features you can employ, such as Amazon Inspector, AWS Trusted Advisor, AWS Config and Config Rules, and CloudTrail. We’ll explore how they work and how they should be deployed as part of an overall security strategy. Level: 200

2:15PM-3:00PM | Securing Your AWS Infrastructure with Edge Services: In this session you will learn how you can better defend your websites and cloud infrastructure from cyberattacks using edge services from AWS, such as Amazon CloudFront, AWS Shield and AWS WAF. You will go behind the scenes to see how edge services help mitigate common DDoS attacks, how to use advanced protocols and ciphers, and how to enforce end-to-end HTTPS connections. You will also learn how to use additional features like the new rate-based rules, integrations with other AWS services such as Lambda and Lambda@Edge, and programs that provide a well-architected approach to edge-based security. Level: 200

3:00PM-3:45PM | How to Use Positive and Negative Security Models and Virtual Patching Techniques with AWS WAF: This session walks you through in detail how to use AWS WAF to implement positive and negative security models, and how to use it for virtual patching. A positive-model WAF allows only traffic that matches explicitly defined rules (expected paths, parameters, character sets and sizes). This model has the benefit of severely limiting the vectors an attacker can exploit, simply because everything that is not expressly allowed is automatically blocked. A negative-model WAF works on the premise that most attackers are using exploits that have already been uncovered, and blocks requests matching known attack signatures. Virtual patching is the quick development and short-term deployment of a security rule meant to prevent exploitation of a newly discovered vulnerability until the application itself is fixed. Level: 200
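To make the trade-off between the two models concrete, here is an added example written for this page: a small request filter, not AWS WAF rule syntax and not the session's own material. The requests, the allowlist, the attack signatures and the virtual patch (including its expiry date) are all constructed; the point it shows is that the positive model blocks an unknown parameter the negative model has no signature for, while the negative model can be patched in minutes for a specific newly found bug.

```python
"""Positive vs. negative WAF models, plus a time-boxed virtual patch.

Added example, not from the session and not AWS WAF rule syntax. Requests,
allowlist, signatures and the virtual patch are all constructed.
"""
import re
from datetime import date
from urllib.parse import unquote_plus

# Constructed requests: method, path and already-split query parameters.
REQUESTS = {
    "normal": {"method": "GET", "path": "/products/42", "query": {}},
    "sqli": {"method": "GET", "path": "/search", "query": {"q": "' OR 1=1 --"}},
    "unknown_param": {"method": "GET", "path": "/search", "query": {"q": "lamp", "debug": "1"}},
    "encoded_traversal": {"method": "GET", "path": "/files",
                          "query": {"name": "..%252F..%252Fetc%252Fpasswd"}},
    "export_exploit": {"method": "GET", "path": "/api/export", "query": {"format": "csv;id"}},
}

# Positive model: the complete description of what the application expects.
ALLOWLIST = [
    {"method": "GET", "path": re.compile(r"^/products/\d+$"), "params": {}},
    {"method": "GET", "path": re.compile(r"^/search$"),
     "params": {"q": re.compile(r"^[\w \-]{1,64}$")}},
    {"method": "GET", "path": re.compile(r"^/files$"),
     "params": {"name": re.compile(r"^[\w\-]+\.(pdf|txt)$")}},
    {"method": "GET", "path": re.compile(r"^/api/export$"),
     "params": {"format": re.compile(r"^(csv|json)$")}},
]

# Negative model: signatures of attacks that are already known.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)(\bor\b\s+\d+=\d+|union\s+select|'\s*--)")),
    ("path_traversal", re.compile(r"\.\./")),
    ("xss", re.compile(r"(?i)<\s*script")),
]

# Virtual patch: a narrow emergency rule for one newly found bug in /api/export,
# with an expiry so it is retired once the code fix ships.
VIRTUAL_PATCHES = [
    {"id": "VP-001", "path": re.compile(r"^/api/export$"), "param": "format",
     "deny": re.compile(r"[^a-z]"), "expires": date(2017, 9, 30)},
]


def normalize(value, rounds=2):
    """Decode percent-encoding repeatedly so double encoding does not slip past
    the signatures; attackers rely on the WAF decoding fewer times than the app."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def positive_model(req):
    """Allow only requests that match an allowlist entry exactly; block the rest."""
    for rule in ALLOWLIST:
        if req["method"] != rule["method"] or not rule["path"].match(req["path"]):
            continue
        if set(req["query"]) - set(rule["params"]):
            return "block", "unexpected parameter"
        if all(rule["params"][k].match(normalize(v)) for k, v in req["query"].items()):
            return "allow", "matched allowlist"
        return "block", "parameter failed validation"
    return "block", "no allowlist entry"


def negative_model(req, today):
    """Allow by default; block only on a known signature or an active virtual
    patch. `today` is an ISO date string so the expiry can be exercised."""
    for name, sig in SIGNATURES:
        if any(sig.search(normalize(v)) for v in req["query"].values()):
            return "block", f"signature:{name}"
    for patch in VIRTUAL_PATCHES:
        if date.fromisoformat(today) > patch["expires"]:
            continue  # expired patches must be removed, not silently relied on
        if patch["path"].match(req["path"]) and patch["deny"].search(
                normalize(req["query"].get(patch["param"], ""))):
            return "block", f"virtual_patch:{patch['id']}"
    return "allow", "no signature matched"


if __name__ == "__main__":
    for name, req in REQUESTS.items():
        print(f"{name:18} positive={positive_model(req)}  negative={negative_model(req, '2017-08-10')}")
```

The price of the positive model is visible in the allowlist: every legitimate parameter must be enumerated, so it suits APIs with a stable contract, while the negative model and virtual patches are what you reach for on an application whose surface you do not fully control.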

3:45PM-4:00PM | Break & Lab Prep

4:00PM-6:00PM | Hands-on Lab: Security: Your turn! Take everything you learned over the previous days and get hands-on completing a series of mini challenges. Points to be scored, prizes to be won! We provide the infrastructure access for this one. Level: 200
