fast forward
play

Fast Forward Reflecting on a Life of Watching Movies and a Career - PowerPoint PPT Presentation

Jun 28, 2023 •337 likes •1.08k views

Fast Forward Reflecting on a Life of Watching Movies and a Career in Security Jason Chan VP, Information Security @ Netflix @chanjbs Credit: @LoulouHoltz So . . . what does this have to do with security? Credit: @matt_tesauro Back to the

  1. Fast Forward Reflecting on a Life of Watching Movies and a Career in Security Jason Chan VP, Information Security @ Netflix @chanjbs

  4. Credit: @LoulouHoltz

  9. So . . . what does this have to do with security?

  17. Credit: @matt_tesauro

  18. Back to the movies . . .

  20. Basics Non-Functional Requirements Infrastructure Deployment Performance Reliability Technology Observability Scalability Operations Standards Core Functionality Upgrades Migrations Security Other Campaigns Change

  21. Reducing Cognitive Load for Developers

  25. Simplifying the Security Interface for Developers

  26. Are you trying to make your engineers security experts? Or do you just want them to build and operate secure systems?

  27. What security functions can we abstract to simplify the developer experience?

  28. Netflix Studio Engineering

  31. Netflix Studio Engineering Optimize production from “pitch to play” Lots of innovation and iteration

  32. Netflix Studio Apps Studio LOB App A Netflix Studio User Studio LOB App N

  33. Simplify and Improve Security through Functionality Abstraction

  34. Leverage Netflix OSS - Zuul “built to enable dynamic routing, monitoring, resiliency and security” https://github.com/Netflix/zuul/wiki

  35. Netflix Studio Apps with Zuul and Wall-E Studio LOB App A Wall-E Netflix Studio User Studio LOB App N Pre-Filters Post-Filters Rate Limit Schema Check IP Blacklist Sec Headers Authentication DLP Authorization SigSci WAF Schema Check

  37. Results Lower cognitive load for onboarding security Centralized and managed functionality Frees developers to build the Netflix Studio!

  39. Blurring Lines: App and Infra Monolith to microservices: network Immutable infra: OS, custom app, middleware Infra as code: Everything!

  40. Tackling App and Infra Integration: Seamless Least Privilege

  41. The Magic of IaaS Storage Database Email Services Instances Message Hadoop Queue

  42. Ex: Cloud Based Word Processor

  43. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["*:*"] "Resource": "*" }

  44. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["s3:*"] "Resource": "*" }

  45. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"] "Resource": "*" }

  46. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"] "Resource": " arn:aws:s3:::wp_bucket " }

  48. AWS provides data about API use This data acts as a basis for action

  49. When a new application is created, we provide a base set of permissions s3:GetObject s3:PutObject ... ... ... ... sqs:ReceiveMessage

  50. We observe the application to see which permissions are actually used

  51. We then remove unused permissions s3:GetObject s3:PutObject ... ... ... ... sqs:ReceiveMessage

  52. We then remove unused permissions s3:GetObject s3:PutObject ... ... ... ... sqs:ReceiveMessage

  53. Available as OSS - Repokid https://github.com/Netflix/repokid

  55. Results Low-risk access reduction Transparent and versioned ops Innovation and high-velocity development without friction

  57. Potential for “Controlled” Anarchy Microservices YBIYRI Polyglot and multiple tech stacks Independent deployments Intentionally decentralized governance leads to increased attack surface

  60. Managing the Anarchy

  62. The Security Paved Road ● Well-supported solutions from central teams ● Clarifies and evangelizes successful patterns and practices ● Automated observation and evaluation of adoption ● Provides a standard way of interfacing with engineering teams about security ● Uncover risk and reward operational excellence

  63. Security Paved Road (ex.) Example Solutions & Measures Per-app IAM role Per-app Security Group No secrets in code Instance identity Updated machine image

  64. Security Paved Road Quarterly Change Cycle Commit to update once per quarter to pull in upgrades, library changes, and modifications to paved road components

  66. Security Paved Road Security Brain Make our expectations, asks, and recommendations explicit and easy to navigate

  67. Customized view for the user Open security issues Recommended practices

  68. Most security backlog is standard; explicitly limit bespoke/custom backlog

  71. In closing . . .

  72. Overall Takeaways Stay attuned to trends Simplify and standardize Favor transparent decisions Measure adoption and uptake Get comfortable with tradeoffs

  73. Thank you! @chanjbs

Recommend

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile Simulation Berkin Ilbeyi and Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University

541 views • 24 slides
Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1 Department of Energy - Fast Forward Challenge FastForward RFP provided US Government funding for exascale research and development Sponsored by 7

505 views • 21 slides
MOVING FORWARD, MOVING FAST, ON SOLID GROUND: FAST, ON SOLID GROUND: An Effective and

MOVING FORWARD, MOVING FAST, ON SOLID GROUND: FAST, ON SOLID GROUND: An Effective and

MOVING FORWARD, MOVING FAST, ON SOLID GROUND: FAST, ON SOLID GROUND: An Effective and Sustainable Judicial Reform Agenda Reform Agenda Maria Lourdes P. A. Sereno Chi f J Chief Justice ti September 18 2012 September 18, 2012 BACKGROUND:

316 views • 18 slides
Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts

Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts

Monter nterey-Sali Salinas nas Transit ansit Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast ast Facts acts 231,706 miles between preventable accidents 89% on time

198 views • 19 slides
DISCUSSION: Following the September 17, 2015 adoption of the RTP-SCS Public Participation Plan,

DISCUSSION: Following the September 17, 2015 adoption of the RTP-SCS Public Participation Plan,

JTAC STAFF REPORT Fast Forward 2040 Phase 1 Public Outreach Presentation SUBJECT: MEETING DATE: November 5, 2015 AGENDA ITEM: 5 Michael Becker, Peter Imhof STAFF CONTACT: RECOMMENDATION: Receive the Fast Forward 2040 phase 1 public

444 views • 18 slides
Fast F Forward 2 2017: Self Driving Cars in Our Communities Monday, December 4 th , 2017

Fast F Forward 2 2017: Self Driving Cars in Our Communities Monday, December 4 th , 2017

Fast F Forward 2 2017: Self Driving Cars in Our Communities Monday, December 4 th , 2017 Westborough, MA Paul M Matthe hews 495/MetroWest Partnership Al Alison F Felix Metropolitan Area Planning Council Rafael M Mares

873 views • 56 slides
Fast methods for Bayesian inverse problems with uncertain PDE forward models Ilona Ambartsumyan

Fast methods for Bayesian inverse problems with uncertain PDE forward models Ilona Ambartsumyan

Fast methods for Bayesian inverse problems with uncertain PDE forward models Ilona Ambartsumyan and Omar Ghattas Oden Institute for Computational Engineering and Sciences The University of Texas at Austin Example of inverse problem with

434 views • 27 slides
FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, May 11, 2017

FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, May 11, 2017

GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, May 11, 2017 GRADUATE FELLOWSHIP PROGRAM Funding for Ph.D. students revolutionizing disciplines with the GPU Engage: Build mindshare Facilitate

909 views • 66 slides
Being a METS Startup Fast Failure; Fast Reward November 2016 Fast Failure; Fast Reward

Being a METS Startup Fast Failure; Fast Reward November 2016 Fast Failure; Fast Reward

Being a METS Startup Fast Failure; Fast Reward November 2016 Fast Failure; Fast Reward Fireside Chat Story so far What mindset do you need? Whats different about this market? Fast Reward 2 Fireside Chat Clear

508 views • 12 slides
A FAST FORWARD THROUGH RAY TRACING GEMS Eric Haines, Distinguished Engineer | March 21, 2019 |

A FAST FORWARD THROUGH RAY TRACING GEMS Eric Haines, Distinguished Engineer | March 21, 2019 |

A FAST FORWARD THROUGH RAY TRACING GEMS Eric Haines, Distinguished Engineer | March 21, 2019 | Talk S9872 1 There is an old joke that goes, Ray tracing is the technology of the future, and it always will be! David Kirk, March 2008 2

825 views • 48 slides
Fast Forward Urbanism: Building New Cities in the (so-called) Global South A PRESENTATION FOR:

Fast Forward Urbanism: Building New Cities in the (so-called) Global South A PRESENTATION FOR:

Fast Forward Urbanism: Building New Cities in the (so-called) Global South A PRESENTATION FOR: Cities at the Center of the World Conference Center for Global Studies George Mason University Woodrow Wilson Center for International Scholars

551 views • 21 slides
GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, March

GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, March

GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, March 21, 2019 GRADUATE FELLOWSHIP PROGRAM Funding for Ph.D. students revolutionizing disciplines with the GPU Engage: Build mindshare Facilitate

1.2k views • 109 slides
With Fast Track Potential In a Low-Risk Jurisdiction With Fast Track Potential

With Fast Track Potential In a Low-Risk Jurisdiction With Fast Track Potential

BATT: TSX-V BBBMF: US Battery Metal Assets Battery Metal Assets In a Low-Risk Jurisdiction With Fast Track Potential In a Low-Risk Jurisdiction With Fast Track Potential www.bluebirdbatterymetals.com Forward Looking Statements This

673 views • 26 slides
The Fast Track Diploma Programme Introduction Congratulations to you all for being accepted onto

The Fast Track Diploma Programme Introduction Congratulations to you all for being accepted onto

The Fast Track Diploma Programme Introduction Congratulations to you all for being accepted onto our Fast Track Diploma Programme. Were really excited to be providing this wonderful opportunity for our members and look forward to getting to

567 views • 14 slides
Introduction Graphics cards can render a lot, and fast But never as much or as fast as

Introduction Graphics cards can render a lot, and fast But never as much or as fast as

10/3/2012 Introduction Graphics cards can render a lot, and fast But never as much or as fast as wed like! Updating the game world can involve a lot of Scene Management objects Consider Dragonfly doing collision detection

375 views • 3 slides
Fast Food and Your Health www.ddssafety.net Last updated October 2009 What is fast food?

Fast Food and Your Health www.ddssafety.net Last updated October 2009 What is fast food?

Fast Food and Your Health www.ddssafety.net Last updated October 2009 What is fast food? Fast food is food made fast like: Pizza, burritos, burgers, and fries Too much fast food can be bad for you. 2 www.ddssafety.net Last

778 views • 10 slides
Summary of flat-beam studies at FAST during FALL17 run A. Halavanau*, work by all the FAST team.

Summary of flat-beam studies at FAST during FALL17 run A. Halavanau*, work by all the FAST team.

Northern Illinois Center for Accelerator and Detector Development Summary of flat-beam studies at FAST during FALL17 run A. Halavanau*, work by all the FAST team. Presented by P. Piot Fermilab FAST/IOTA retreat 12/21/2017 12/21/17

729 views • 23 slides
Redis for Fast Data Ingest Agenda Fast Data Ingest and its challenges Redis for Fast

Redis for Fast Data Ingest Agenda Fast Data Ingest and its challenges Redis for Fast

Home of Redis Redis for Fast Data Ingest Agenda Fast Data Ingest and its challenges Redis for Fast Data Ingest Pub/Sub List Sorted Sets as a Time Series Database The Demo Scaling with Redis e Flash 2

435 views • 42 slides
LIVE IT AND WATCH IT! fast&fun box HD LIVE IT AND WATCH IT! Fast&FunBox is a new TV

LIVE IT AND WATCH IT! fast&fun box HD LIVE IT AND WATCH IT! Fast&FunBox is a new TV

LIVE IT AND WATCH IT! fast&fun box HD LIVE IT AND WATCH IT! Fast&FunBox is a new TV Channel ofgering an action-packed, adrenaline-pumping medley of extreme sports, from car racing and motocross to snowboarding and skateboarding; a

509 views • 21 slides
Fast-track listing Fast-track listing process Time to market can be essential benefits of

Fast-track listing Fast-track listing process Time to market can be essential benefits of

Fast-track listing Fast-track listing process Time to market can be essential benefits of Fast-track: - FAST: Significantly quicker access to public markets - FLEXIBLE: Individually customized listing process - CONFIDENTIAL: Announcement

780 views • 6 slides
Fast Tracking Multiple Gold Deposits One of the Highest Grade Gold Development Projects in Canada

Fast Tracking Multiple Gold Deposits One of the Highest Grade Gold Development Projects in Canada

Fast Tracking Multiple Gold Deposits One of the Highest Grade Gold Development Projects in Canada BTR: TSX-V BONXD: OTCQX 9BR1: FSE Forward Looking Statements This presentation contains certain statements that may be deemed forward - looking

306 views • 27 slides
TO THE NEXT LEVEL WITH ARCINOVA FAST FORWARD TO MARKET WITH ARCINOVA Discovery Preclinical

TO THE NEXT LEVEL WITH ARCINOVA FAST FORWARD TO MARKET WITH ARCINOVA Discovery Preclinical

TAKE PHARMACEUTICAL DEVELOPMENT TO THE NEXT LEVEL WITH ARCINOVA FAST FORWARD TO MARKET WITH ARCINOVA Discovery Preclinical Clinical Market Integrated scale-up & Trusted discovery partners Trusted clinical partners manufacturing

519 views • 48 slides
FAST TRACKING MULTIPLE GOLD DEPOSITS High Grade Gold Development Projects in Canada June 2019

FAST TRACKING MULTIPLE GOLD DEPOSITS High Grade Gold Development Projects in Canada June 2019

FAST TRACKING MULTIPLE GOLD DEPOSITS High Grade Gold Development Projects in Canada June 2019 BTR: TSX-V BONXD: OTCQX 9BR1: FSE Forward-Looking Statements This presentation contains "forward-looking information" within the meaning of

414 views • 25 slides
Exploring the Pisces-Perseus Supercluster (PPS) with FAST Li Xiao Ming Zhu Mei Ai FAST

Exploring the Pisces-Perseus Supercluster (PPS) with FAST Li Xiao Ming Zhu Mei Ai FAST

Exploring the Pisces-Perseus Supercluster (PPS) with FAST Li Xiao Ming Zhu Mei Ai FAST Martha Haynes, Riccardo Giovanelli Cornell 2014 5.20 GBT Outline Overview of PPS Infall motion towards PPS Background on

258 views • 21 slides

More recommend