Aaron Bedra

Senior Engineer at DRW

Aaron Bedra
   

Aaron Bedra is a Senior Engineer at DRW, where he works at the intersection trading and technology. He has served as a Chief Security Officer, Chief Technology Officer, and Principal Engineer/Architect. He has worked professionally on programming languages, most notably Clojure and ClojureScript. Aaron is the creator of Repsheet, an open source threat intelligence toolkit. He is the co-author of Programming Clojure, 2nd and 3rd Edition and a contributor to Functional Programming: A PragPub Anthology.

Presentations

Adaptive Threat Modeling

Tuesday, 8:30 AM EST

Security should always be built with an understanding of who might be attacking and how capable they are. Typical threat modeling exercises are done with a static group of threat actors applied in “best guess” scenarios. While this is helpful in the beginning, the real data eventually tells the accurate story. The truth is that your threat landscape is constantly shifting and your threat model should dynamically adapt to it. This adaptation allows teams to continuously examine controls and ensure they are adequate to counter the current threat actors. It helps create a quantitative risk driven approach to security and should be a part of every security teams tools.

Join Aaron as he demonstrates how to look at web traffic to analyze the threat landscape and turn request logs into data that identifies threat actors by intent and categorizes them in a way that can be fed directly into quantitative risk analysis. Aaron will show how important this data is in driving risk analysis and creating an effective and appropriate security program.

Intelligent Cache Systems

Tuesday, 10:30 AM EST

Any system of significant scale or latency sensitivity employs the use of caching. It could be as simple as memoization, or as complicated as a fully distributed system. These ideas serve us well, but how do we take it to the next level?

Join Aaron as he demonstrates customizing a caching system. He will discuss the pros and cons of embedding application and domain specificity into your caching model. Aaron will show a start to finish implementation of a custom Redis module that reduces latency, network round trips, and adds pub/sub notifications.

Learn how to take your cache to the next level and encode elements of your system directly into the handling of your most accessed data.

This session will span multiple languages, but will focus on C for the Redis module implementation. Knowledge of C is not required to attend this session, as the details will be explained alongside the code with examples in higher level languages.

Secrets Management

Tuesday, 1:30 PM EST

We've all got secrets, but nobody seems to know where to put them. This long standing issue has plagued system design for ages and still has many broken implementations. While many consider this an application concern, the foundations rest in the design of the system. Join Aaron for an in-depth workshop that will cover the following secret management solutions:

  • Locally encrypted secrets with Ansible Vault
  • HSM backed local secrets with SOPS
  • AWS Secrets Manager
  • Hashicorp Vault

Additionally, this workshop will demonstrate tools for discovering sensitive information checked in to your project.

This is a two session workshop and is best received by attending both sessions.

Secrets Management

Tuesday, 3:15 PM EST

We've all got secrets, but nobody seems to know where to put them. This long standing issue has plagued system design for ages and still has many broken implementations. While many consider this an application concern, the foundations rest in the design of the system. Join Aaron for an in-depth workshop that will cover the following secret management solutions:

  • Locally encrypted secrets with Ansible Vault
  • HSM backed local secrets with SOPS
  • AWS Secrets Manager
  • Hashicorp Vault

Additionally, this workshop will demonstrate tools for discovering sensitive information checked in to your project.

This is a two session workshop and is best received by attending both sessions.

Fluid Trust

Tuesday, 5:00 PM EST

Microservices bring about a series of architectural shifts. One of the most powerful is true separation of concerns. This change brings with it incredible security opportunities. Join Aaron as he demonstrates how to identify and execute on these opportunities. In this session you will explore service and data classification techniques, authentication and access control, and service interface design that respects classification boundaries. If you are interested in, building, or currently using Microservices, this session is a must see!

More to follow…