Toni de la Fuente
I’m the creator of Prowler Open Source, the tool for cloud security, co-founder and CTO at Prowler. I also worked for AWS as senior security engineer, senior security consultant and incident responder. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. Over the last 25 years done some things for security and the Open Source community like phpRADmin, Nagios plugins, Alfresco BART (backup tool). I’ve also contributed in books and courses related to Linux, Monitoring and AWS Security for Packt Publishing. I spoke on many conferences including BlackHat, DEFCON, RootedCon, BSides Vegas, BSides Augusta and others.
Session
Do you want to build a big OSS swiss-army knife tool? Go for it my friends, but please know: it's dangerous to go alone.
After 12 years of securing cloud workloads and building open-source cloud security tools, I will share my expertise, war stories, and gotchas on how cloud security has evolved over the years by way of AWS, Azure, Google Cloud and Kubernetes; and how you can meet the challenges of securing a multi-cloud environment without dying trying.
In the dynamic world of cloud computing, navigating the complexities of building an open-source security tool for multi-cloud environments is very difficult. This talk will walk you through the challenges of authentication, variety of SDKs (python in this case), cloud provider inconsistencies and the madness of compliance and attribute mapping; the trials and tribulations of allowing users to build their own visualization; and creating output and reporting formats to satisfy compliance officers, auditors, and practitioners.
You will walk away with a better understanding of how to improve your security posture by building a multi-faceted tool and also with tips for keeping the tool simple, effective, and user-friendly.
Join us for a session full of fire, iron and, why not, a bit of blood and tears to forge your best tool in your arsenal.
Outline:
Introduction (5 minutes):
* Brief personal introduction and background in cloud security and open-source tools.
* Overview of the evolution of cloud computing and security challenges across AWS, Azure, Google Cloud, and Kubernetes.
* Highlight the main goal: to share knowledge on building a robust, multi-cloud open-source security tool.
The Genesis of Multi-Cloud Security Tools (5 minutes):
* Historical context: the early days of cloud computing and initial security challenges.
* The evolution of threats and security measures over the past 12 years.
* The motivation behind creating a tool for cloud security.
Core Challenges and war-stories in Multi-Cloud Environments (25 minutes):
* Authentication maze: navigating through different cloud providers and their authentication and authorization capabilities.
* SDK diversity: handling Python SDKs across AWS, Azure, Google Cloud and Kubernetes.
* Cloud provider inconsistencies: dealing with varying features and services.
* Compliance and attribute mapping madness: satisfying diverse regulatory requirements and how to make it easier.
* Results and reporting: crafting output formats that meet the needs of compliance officers, auditors, and practitioners alike.
* UI-UX and User-Driven visualization: allowing users to customize their security visibility.
* Performance: Concurrency, throttling and other cloud APIs tales.
Maintaining Your Tool now and in the future: Best Practices and Lessons Learned (5 minutes):
* Open Source Cloud Security Community is a different Open Source Security Community.
* Insights on future-proofing your security tool against evolving threats and cloud services.
Conclusion and Q&A (5 minutes):
* Recap of the key points covered and the importance of a robust multi-cloud security tool.
* Encouragement and advice for those embarking on the journey of building their own open-source tools.
* Open floor for questions, sharing experiences, and further discussion.