Stephanie Shi
Stephanie [pronounced Stephanie] is a Security Engineer in the Cloud Security Team at Block. Previously has worked in Identity and Access as well as Infrastructure teams throughout her career.
Session
Block is an ecosystem of ecosystems, each with distinct needs and diverse use cases for the cloud. From Bitcoin transactions to conventional banking to hi-fi music, we encompass it all. Our Cloud Security team plays a pivotal role in safeguarding this eclectic environment.
That being said even at this scale the basic questions still apply:
- Paved roads & north star requirements: How do we determine the necessary guardrails, frameworks, and patterns?
- Guardrails: When is the right time to enforce a guardrail?
- Buy vs build: How do we decide whether to build a solution in-house or purchase one?
- Developer empowerment via remarkable solutions: What practices are appropriate for each specific business, recognizing that a one-size-fits-all approach is not feasible?
Our goal is to minimize the uncertainty and unknowns in these decision-making processes, leveraging what we can quantify using various tools at our disposal. In this way, we empower our developers to make sound security decisions while still harnessing the power of cloud resources and compute.
In this presentation, we will delve into our data-driven approach to measure, secure, and monitor this unique environment. Topics include:
- Our insights technology stack. (Data warehouse, ETL, BI analytics, etc)
- Alternative strategies in cloud security. (Beyond the out of the box CSPM, arbitrary tech)
- A detailed case study on static credentials.
- Driving business decisions and prioritization via insights
- Additional examples where metrics have guided our decisions.
- Key learnings and insights gained.
- Future direction.
- Reducing alerts and gaining developer trust using foundational components