Patrick Cable, Threat Stack, Inc.
Security is hard. Organizations and businesses tend to sacrifice security for speed, which often leads to undesirable security outcomes for organizations. There's good news though: system engineers, administrators, ops professionals of the world are in a unique spot to make security in their organization better! This is especially true for engineers in smaller organizations and startups, because you don't need to be a Security Person™ to make an organization more secure.
In this talk we'll dig into how a security company thinks and acts about security internally - and the lessons you can take away from it. What did we start with? Where are our pain points? Where are we going? We'll talk about threat models, the pain of constraints, how you can get into trouble with cryptography, the importance of UX, vendor assessments and incident response. At the end, you'll have cultural, engineering, and architecture ideas to take back to your organization and implement.
Patrick Cable, Threat Stack, Inc.
Patrick Cable is a Sr. Infrastructure Security Engineer at Threat Stack. He works to ensure the security of the Threat Stack Platform by collaborating with other departments, implementing security tools, and building new technology to make security easier for everyone in the organization. Prior to working at Threat Stack, Patrick was Associate Staff in the Secure and Resilient Systems Group at MIT Lincoln Laboratory where he worked on improving cloud security in research environments.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Patrick Cable},
title = {Securing a Security Company},
year = {2018},
address = {Nashville, TN},
publisher = {USENIX Association},
month = oct
}