Dwayne McDaniel
Senior Security Developer Advocate at GitGuardian
Dwayne has been working as a Developer Advocate since 2016 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and far-off places like Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv. On the internet, most places, as @mcdwayne.
Session
When was the last time you updated all your API keys and other credentials for your application and cloud environments? How long did it take you? Would you say it was "easy"?
What if I were to tell you that there exist teams that would tell you they rarely spend any time rotating secrets because they automated the entire process and no credentials are more than a day old. This is not SciFi or fantasy, but good old-fashioned open source and some scripting.
DevOps means we have to move faster than ever and manually dealing with credentials is not just slowing us down, it is opening us up for a world of hurt if we don't react to leaks fast enough.
This session is based on best practices in manually dealing with secrets leaks and some fairly recent advancements in both secrets management and secrets detection and remediation. While you might not be ready to implement this today, you will walk away from this session with a sense of how to better approach secrets security for the future.