Security Bsides Las Vegas 2024

Practical Perimeter-less authentication solutions for Startups using AWS native solutions
2024-08-07, Tuscany

Dive into the transformative world of Zero Trust in this dynamic session, tailored for practitioners working in startups or companies with smaller security budgets navigating the cloud-centric ecosystem. Zero Trust, the paradigm of "never trust, always verify," moves beyond a buzzword to a necessity for startups facing evolving threats.

We'll explore practical steps for integrating Zero Trust into cloud-native startups. We will focus on ephemeral access management for internal resources and compare tools like AWS SSM and AWS Verified Access for their strategic and cost-effective benefits. This session offers a roadmap for deploying Zero Trust efficiently, ensuring security without compromising on budget.

Concluding with a compelling understanding of Zero Trust's indispensability for robust startup security, attendees will leave equipped with insights and resources for immediate application. Embark on a journey to fortify your startup’s security posture with Zero Trust, blending practical strategies with an inspiring call to action for a secure, cloud-forward future.


Meet the Presenter: A Quick Snapshot (1 minute)

  • A swift dive into the speaker’s background in cybersecurity.

Zero Trust: Not Your Average Security Buzzword (3 minutes)

  • Clarify zero trust's foundational mantra of “never trust, always verify” beyond the hype, highlighting its role as a paradigm shift in security thinking.
  • A shout-out to startups: Articulate its significance for startups, underlining how zero trust directly addresses the evolving threats in cloud-centric operations.

Cloud-Native Zero Trust—The Scrappy Startup Way (5 minutes)

  • A casual yet comprehensive guide to building a least-privilege environment with AWS Systems Manager (SSM), and to implementing a basic zero trust framework for startups, starting with AWS Session Manager for ephemeral access management.
    • Explain the concepts of port forwarding using Session Manager.
    • Identify scenarios where AWS Session Manager shines and where it might stumble.
    • Analyze the cost implications without sacrificing security posture.
    • Common traps and how to sidestep them like a pro.
    • A recorded demo to bring theory into practice.

Cloud-Native Zero Trust—Leveraging AWS Verified Access Without Getting Burnt (8 minutes)

  • Explain AWS Verified Access with detailed scenarios showcasing its strengths and a frank discussion of cost implications and strategic fit.
  • Highlight deployment missteps with a side of humor and how to avoid them.
  • Discuss cost-effective strategies that don’t skimp on security, inspired by real-world wins and woes: a masterclass in optimizing costs.
  • Highlight cost-effective strategies for deploying AWS Verified Access, acknowledging budgetary constraints common among startups.
  • The ins and outs of CloudWatch, Lambda, and SNS as your cost-cutting crew.
  • Architectural insights.
  • A live demo to connect the dots and demystify the tech.

Wrapping Up: What Did We Learn? (1 minute)

  • Summarize the tangible benefits of integrating zero trust within a cloud-native framework, emphasizing its critical role in fortifying startup security.
  • Reinforce the message that adopting zero trust is imperative, not optional, for startups and can be achieved cost-efficiently.

Interactive Q&A (2 minutes)

  • Open floor for deeper discussions, clarifications, or debates.

Additional Resources:

  • Access to a GitHub repository with code samples and user guides for deeper exploration and hands-on experimentation.

Rohit has extensive security expertise and over sixteen years of practical experience. Throughout his career, he has collaborated with prominent organizations such as PayPal and Robinhood, where he successfully tackled intricate security challenges. Now, he's on a mission to share his expertise and empower startups to do the same. Rohit has donned multiple hats as a manager, architect, and engineer. His active volunteering for BSidesSF for the past four years is a testament to his commitment to the security community. By fostering a proactive security culture, Rohit is dedicated to helping young companies steer clear of critical mistakes and grow securely.