January OWASP Meeting - Redwood City

Location

1600 Seaport Boulevard, Redwood City, CA
Building - #170 North

Agenda

5:45-6:30 pm - Networking with Drinks & Food
6:30-7:10 : Michael Barrett -How standards-based authentication will change the world
7:15-7:55 : Scott Behrens - The Joy Of Intelligent Proactive Security
8:00-8:20 : More food, drink, and security "hallway con"

Logistics

• Easy parking at location site

• Shuttles exist from Redwood city Caltrain

Talks

How standards-based authentication will change the world

The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords.

On December 9, 2014 FIDO published final 1.0 drafts of its two specifications – Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

Michael Barrett

Michael Barrett is the CEO of an early stage startup in the enterprise security space. (“We’re in stealth mode - if I told you, I’d have to shoot you...”)

Previously, Barrett was President of the FIDO Alliance, an open standards consortium that is reimagining authentication on mobile devices and the Internet. He serves on the board of directors of StopBadWare, a 501(c)(3) Berkman Center spin out organization dedicated to mitigating the impact of malware on businesses and individuals.

From 2006 to 2013, Barrett was the Chief Information Security Officer for PayPal. In this role, he was responsible for ensuring the security of PayPal’s 130+ million accounts worldwide. He oversaw the information systems and services that protect the integrity and confidentiality of PayPal customer and employee information, and led a team of roughly 100 people.

The Joy Of Intelligent Proactive Security

Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all the US's downstream bandwidth at peak. Multiple concurrent code bases, continuous deployments, regional content, and an ever-changing threat landscape make vulnerability and asset management difficult. In order to battle this dynamic environment, we have taken an approach of automating, simplifying, and collecting actionable data with proactive security.

This presentation will assert that the agility of modern infrastructure requires a different approach to security. We look at common areas of a mature security program: identifying and addressing potential issues, monitoring for attacks and anomalies, understanding your environment, collecting and sharing information, all while constantly reevaluating your approach. We will also walk through a few real world cases where intelligent proactive security has simplified Netflix's response time for identifying, responding to, and remediating security issues.

We will also provide demonstrations of a number of Netflix applications that are currently or soon-to-be open sourced that can help you simplify your security program regardless of whether you operate in the cloud or data center.

Attendees will leave this talk with real world strategies, techniques, and Netflix open source tools they can use in their own organizations.

Scott Behrens

Scott Behrens is a security evangelists at Netflix focusing on application security engineering as part of the Product and Application Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, Chicago B­sides, and a handful of other security conferences.