Sarah Harvey, Square Inc
Microservice architecture is becoming increasingly common with the democratization of cloud computing power, and more and more organizations are realizing that it's often simply easier to pay for a particular service instead of building it from scratch. The result is that many large organizations often have to grapple with hundreds if not thousands of such third-party integrations. However, performing risk analysis on these interactions—especially when it relates to the sharing of data—can be extremely time-consuming if not impossible.
In this talk, we will briefly cover typical third-party integration flows within an organization, from request to implementation. We will identify common gaps in security visibility and access, and discuss various solutions along with their degree of efficacy as we have measured it. We will argue that it is through these improvements that you will be able to have not just a more holistic, but also a more consistent risk map of your organization's assets.
The aim of this talk is to show that the boring, grueling work in security is just as important as exciting 0-days! We hope to also show that there are still new exciting metrics and incident response systems you can derive from these processes.
Sarah is a software engineer on a privacy engineering team at Square. Her background includes 4+ years of industry experience in security/privacy infrastructure design and engineering and 4 years of academic privacy research. She has a variety of event organizing and speaking experience; highlights include speaking at and co-organizing BSidesSF 2019, organizing and presenting a 300+ person CTF workshop at Grace Hopper, and giving a series of funny lightning talks on infrastructure security and privacy challenges.
She also has given talks as a hologram, and in general never takes herself seriously.
She can be followed for cats and tech humor on Twitter: @worldwise001.