Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration
    • Discounts
    • Venue, Hotel, and Travel
    • Why Attend?
    • Students and Grants
  • Program
    • Program at a Glance
    • Conference Program
    • Training Program
      • Training Program - Details
    • Workshops
    • Conference Topics
      • Systems and Network Engineering
      • Monitoring and Metrics
      • SRE and Software Engineering
      • Culture
    • UCMS '15
    • URES '15
    • Puppet Camp DC
  • Activities
    • Birds-of-a-Feather
    • LISA Build
    • LISA Lab
  • Sponsors and Expo
    • LISA15 Expo
    • Sponsor and Exhibitor List
    • Exhibitor Services
  • Participate
    • Call for Participation
    • Call for Research Papers and Posters
      • Submitting Papers and Posters
    • Speaker Resources
  • About
    • Conference Organizers
    • Help Promote
    • Services
    • Code of Conduct
    • Past Conferences

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

Why Attend LISA?

"In a world where technology changes rapidly, it's hard to find great resources for in-depth expertise. LISA has a terrific combination of people who create the technology and people who implement it effectively for their companies."

Matt Simmons, Northeastern University

"I like seeing where the industry is heading, how SysAdmins/engineers are evolving, tools they are using, common problems and solutions across the world."

LISA14 Attendee

"If you're a sysadmin slaving away in a metaphorical basement and re-inventing the wheel every time your employer's business goals change slightly, LISA will help pull you into the light."

Marc Chiarini, Long-Time IT Admin and Researcher, MarkLogic Corp

"LISA is the home of ops people who do ops correctly. I’m always motivated by the conference content and hallway conversations to be better, and I take home the knowledge needed to move closer to that goal. "

Tony Del Porto, Cisco Systems, Inc.

"LISA is the best mix of training, talks, and networking of any events I've been to. That's the reason I've been to 11 of them.”

LISA14 Attendee

"This was my first LISA. It was great attending a conference that focused on my role without trying to shoehorn every challenge into a specific vendor's solution. The same mix of awesome sessions, speakers, and other attendees will bring me back every year."

LISA14 Attendee

"No matter if you are dealing with the latest tech or trying to maintain something from the dark ages of the ‘90s, there are people at LISA who are experienced with it. Heck, many of the people who _developed_ this tech attend. This is a great place to get answers and ideas."

Lee Damon, University of Washington

"Great sessions, great presenters, great community. I feel like I can make up a year of following news and forums on the subject in a week."

LISA14 Attendee

help promote

LISA16 CFP button

Get more
Help Promote graphics!

sponsors

Gold Sponsor
Gold Sponsor
Gold Sponsor
Gold Sponsor
Silver Sponsor
Silver Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
General Sponsor
General Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Industry Partner
Industry Partner
Industry Partner
Industry Partner
Industry Partner
Industry Partner

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

twitter

Tweets by @LISAConference

You are here

Home » Vulnerability Scanning's Not Good Enough: Enforcing Security and Compliance at Velocity Using Infrastructure As Code
Tweet

connect with us

Vulnerability Scanning's Not Good Enough: Enforcing Security and Compliance at Velocity Using Infrastructure As Code

Invited Talk
Thursday, November 12, 2015 - 4:45pm-5:30pm

Julian Dunn, Chef Software, Inc.

Abstract: 

In this talk, I'll discuss why existing approaches to achieving business compliance with security standards do not work. Manual verification steps, ad-hoc, emergency remediation when the auditors are in the building, and post-hoc vulnerability "scanning" that generate large reports but few actionable items result in a world full of "security and compliance theatre" that doesn't actually achieve the objectives. Worse still, once auditors leave, companies go back to doing business as usual -- until the next audit, when the cycle begins again.

I'll describe approaches we've found helpful in creating real compliance. In particular, we've studied common patterns of compliance regulations, and that you can express most of those in code, using a rules language that is easy enough for auditors to understand and for security analysts to use.

Julian Dunn, Chef Software, Inc.

Julian is a product manager at Chef, where he works on making IT automation tools fun and easy to use. He has over fifteen years of experience as a consultant, engineering manager, system administrator and software developer in industries as diverse as finance, broadcasting, advertising, publishing, and infrastructure software. Originally from Canada, he holds a degree in engineering from the University of Toronto.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

View the slides

Presentation Video 

Presentation Audio

MP3 Download

Download Audio

  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

General Sponsors

Media Sponsors & Industry Partners

© USENIX

LISA is a registered trademark of the USENIX Association.

  • Privacy Policy
  • Contact Us