Security BSides Las Vegas 2024

Matthew Sullivan

Matthew Sullivan leads the infrastructure and identity security functions at Instacart, where he manages a talented team of individual contributors responsible for all cloud platform security controls across all three major cloud providers. Prior to joining Instacart, Matthew spent ten years at Workiva, where he helped establish and mature the company’s security program as a security engineer, infrastructure architect, and then finally as the lead product manager for IAM and security features. He is also the founder of BugAlert.org, a non-profit service that alerts the security community about time-sensitive, high-impact vulnerabilities.


Session

08-07
11:30
45min
JIT Happens: How Instacart Uses AI to Keep Doors Open and Risks Closed
Matthew Sullivan, Dominic Zanardi

Instacart has been on a journey to migrate employees from long-lived access to just-in-time (JIT) access to our most critical systems. However, we quickly discovered that if the request workflow is inefficient, JIT won’t be adopted widely enough to be useful. How could we satisfy two parties with completely different priorities: employees who want access and want it right now, and auditors who want assurance, control, and oversight? How could we avoid slipping back into old habits of long-lived access and quarterly access reviews?

In this demo-driven technical talk, we’ll show how Instacart developed an LLM-powered AI bot that satisfies these seemingly competing priorities and delivers true, fully automated JIT access. This talk will be informative for anyone curious about how AI bots can be leveraged to automate workflows securely. We’ll step through how to best utilize LLMs for developing or enhancing internal security tooling by demonstrating what works, what doesn’t, and what pitfalls to watch for. Our goal is to share tactics that others can use to inform their own AI bot development, increase organizational efficiency, and inspire LLM-powered use cases for security teams beyond access controls.

Breaking Ground
Florentine A