Aaron Bedra

Senior Engineer at DRW

Aaron Bedra
   

Aaron Bedra is a Senior Engineer at DRW, where he works at the intersection trading and technology. He has served as a Chief Security Officer, Chief Technology Officer, and Principal Engineer/Architect. He has worked professionally on programming languages, most notably Clojure and ClojureScript. Aaron is the creator of Repsheet, an open source threat intelligence toolkit. He is the co-author of Programming Clojure, 2nd and 3rd Edition and a contributor to Functional Programming: A PragPub Anthology.

Presentations

Adaptive Threat Modeling

Tuesday, 8:30 AM EST

Security should always be built with an understanding of who might be attacking and how capable they are. Typical threat modeling exercises are done with a static group of threat actors applied in “best guess” scenarios. While this is helpful in the beginning, the real data eventually tells the accurate story. The truth is that your threat landscape is constantly shifting and your threat model should dynamically adapt to it. This adaptation allows teams to continuously examine controls and ensure they are adequate to counter the current threat actors. It helps create a quantitative risk driven approach to security and should be a part of every security teams tools.

Join Aaron as he demonstrates how to look at web traffic to analyze the threat landscape and turn request logs into data that identifies threat actors by intent and categorizes them in a way that can be fed directly into quantitative risk analysis. Aaron will show how important this data is in driving risk analysis and creating an effective and appropriate security program.

AWS Security Essentials

Tuesday, 10:30 AM EST

Are you using or moving to AWS? Have you considered how you organize and secure your AWS environments? The growing push to cloud providers has allowed us to move faster and tackle problems more efficiently. The same freedoms that have allowed us to move faster have also created scenarios where security issues are exposed by accident and/or without proper management and review. As companies move toward more and more cloud usage, teams are pushed harder to ensure the same compliance and security requirements that exist in slower moving private environments. This has the potential to put us right back where we came from.

Join Aaron as he talks through the most critical security decisions you can make for you AWS environments. He will identify issues and solutions in an automation friendly fashion that aim to fit seamlessly into the development and deployment lifecycle. This session will cover the following topics:

  • Account provisioning and IAM
  • Credential management
  • VPC setup and network design
  • AWS services that boost your security posture
  • Auditing AWS configurations to find security holes
  • Creating a robust CI pipeline that ensures no obvious security holes are present within your environments

In addition to these topics a heavy emphasis on both platform and server automation will be included. Please note that this session is heavily tuned to people using Amazon Web Services. If you are using another Cloud provider the ideas will still be relevant, but not all solutions will be available for your provider.