Security time, courtesy of our host AirBnB! We'll have two great talks, lots of people to meet, and food/beverages.
• 6:00 - Doors open
• 6:30-6:35 - Intro/opening remarks
• 6:35-7:00 - Trust & Safety Engineering @ GitHub (Lexi Galantino)
• 7:05-7:30 - Managing Human IAM in a Multi-Account, Terraformed World (Keziah Plattner)
• 7:30-8:15 - Networking / wrap-up
Talk 1: Trust & Safety Engineering @ GitHub (Lexi Galantino @_gallexi)
GitHub is the #1 open source platform in the world, with over 30 million users working in over 100 million repositories. How do we protect our users from harassment while encouraging happy, healthy communities at such a large scale? In this talk, I'll introduce the concept of Trust & Safety work in online platforms, talk a bit about different models used to tackle this problem, and then walk through some engineering challenges and trade-offs faced at GitHub. The main idea of the talk is this: User safety and privacy, just like security, needs to be built into the platform from the ground up. It is the job of every engineer writing user-facing code to understand and use these best practices.
Lexi Galantino (@_gallexi) is a Software Engineer on the Community & Safety team at GitHub. She is passionate about online privacy, and enjoys presenting Trust & Safety in context with the broader Security community in order to facilitate dialogue and working together for user safety. She is also a dog enthusiast."
Talk 2: Managing Human IAM in a Multi-Account, Terraformed World (Keziah Plattner)
As Airbnb scales employees and the number of AWS accounts it manages, it’s clear that we need a better way of managing Identity Access Management (IAM) policies. In this talk, Keziah will discuss her project of moving to an assume-role based access system, migrating IAM policies and role creation to Terraform, and integrating IAM policy granting with Airbnb’s existing permissions management system.
Keziah Perez Sonder Plattner is a security software engineer at Airbnb. As a member of the Production Infrastructure Security team, she works on a variety of projects: permissions management, secrets management, container security, and AWS security. She graduated from Stanford University with a dual depth specialization in Systems & Security. If you want to strike up a conversation, she can talk for hours about infosec, transit policy, and food.