You are viewing content from a past/completed QCon

Presentation: Reducing Risk of Credential Compromise @Netflix

Track: Security: Lessons Attacking & Defending

Location: Pacific DEKJ

Duration: 4:10pm - 5:00pm

Day of week: Wednesday

Level: Intermediate

Persona: Security Professional

Share this on:

Abstract

Building a secure system is like constructing a good pizza – each individual layer adds flavor that ultimately builds to the perfect bite. At Netflix we have hand-crafted ingredients that by themself are scrumptious, but when placed together strategically on the crust (read: cloud), constructs a pizza so large that any pizza lover (read: attacker) would be challenged to finish.  Attendees will learn the secret to the sauce that is Netflix Infrastructure Security, be equipped to start baking pizza in their own kitchen, and leave satisfied.

Speaker: William Bengtson

Security Researcher, Leader, Advisor @Netflix

Will Bengtson is senior security engineer at Netflix focused on security operations and tooling. Prior to Netflix, Bengtson led security at a healthcare data analytics startup, consulted across various industries in the private sector, and spent many years in the Department of Defense. Bengtson is on the BSidesSF and Bay Area OWASP leadership team. Bengtson contributes to numerous open source projects and has spoken on topics of security across the world.

Find William Bengtson at

Speaker: Travis McPeak

Sr. Cloud Security Engineer @Netflix

Travis is a Senior Cloud Security Engineer at Netflix. He enjoys applying automation to solving complex problems that can’t be addressed manually. Travis is currently the OWASP Bay Area chapter lead and a core developer of several open-source security tools including Bandit and Repokid. In the past he has led several initiatives on the OpenStack Security Team and was a founding member of the Cloud Foundry Security Team. When not geeking out on security he enjoys traveling and quality beer and food.

Find Travis McPeak at

Proposed Tracks

  • Architectures You've Always Wondered About

    Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, & more

  • Machine Learning without a PhD

    AI/ML is more approachable than ever. Discover how deep learning and ML is being used in practice. Topics include: TensorFlow, TPUs, Keras, PyTorch & more. No PhD required.

  • Production Readiness: Building Resilient Systems

    Making systems resilient involves people and tech. Learn about strategies being used from chaos testing to distributed systems clustering.

  • Building Predictive Data Pipelines

    From personalized news feeds to engaging experiences that forecast demand: learn how innovators are building predictive systems in modern application development.

  • Modern Languages: The Right Language for the Job

    We're polyglot developers. Learn languages that excel at very specific tasks and remove undifferentiated heavy lifting at the language level.

  • Delivering on the Promise of Containers

    Runtime containers, libraries and services that power microservices.

  • Evolving Java & the JVM

    6 month cadence, cloud-native deployments, scale, Graal, Kotlin, and beyond. Learn how the role of Java and the JVM is evolving.

  • Trust, Safety & Security

    Privacy, confidentiality, safety and security: learning from the frontlines.

  • Beyond the Web: What’s Next for JavaScript

    JavaScript is the language of the web. Latest practices for JavaScript development in and out of the browser topics: react, serverless, npm, performance, & less traditional interfaces.

  • Modern Operating Systems

    Applied, practical & real-world deep-dive into industry adoption of OS, containers and virtualization, including Linux on.

  • Optimizing You: Human Skills for Individuals

    Better teams start with a better self. Learn practical skills for IC.

  • Modern CS in the Real World

    Thoughts pushing software forward, including consensus, CRDT's, formal methods & probabilistic programming.

  • Human Systems: Hacking the Org

    Power of leadership, Engineering Metrics and strategies for shaping the org for velocity.

  • Building High-Performing Teams

    Building, maintaining, and growing a team balanced for skills and aptitudes. Constraint theory, systems thinking, lean, hiring/firing and performance improvement

  • Software Defined Infrastructure: Kubernetes, Service Meshes & Beyond

    Deploying, scaling and managing your services is undifferentiated heavy lifting. Hear stories, learn techniques and dive deep into what it means to code your infrastructure.

  • Practices of DevOps & Lean Thinking

    Practical approaches using DevOps and a lean approach to delivering software.

  • Operationalizing Microservices: Design, Deliver, Operate

    What's the last mile for deploying your service? Learn techniques from the world's most innovative shops on managing and operating Microservices at scale.

  • Developer Experience: Level up your Engineering Effectiveness

    Improving the end to end developer experience - design, dev, test, deploy and operate/understand.