Mohit Gupta

Mohit is a Principal Security Consultant at Reversec, where he specialises in AWS, Kubernetes and CI/CD, amongst other things. He has been working in security for around 10 years, helping a variety of clients across most sectors in that time. He has previously spoken at a variety of conferences such as fwd:CloudSec, DefCon Cloud Village, SteelCon, etc.


Session

07-01
11:00
40min
This Wasn’t in the Job Description: Building a production-ready AWS environment from scratch
Mohit Gupta, Nick Jones

WithSecure Consulting's going independent, and with it came the need to create an entire new AWS estate from scratch. The catch? We're not an engineering house and this isn't our core focus area. It needed to be done quickly, with the resources we already had available, on the lowest budget possible. The end result? A bunch of penetration testers and security consultants finding themselves on the other side of the coin, engineering an environment to support and enable security consulting and research work, which invariably requires bending/breaking a lot of "security best practices".

Join Mohit and Nick as they run through the build-out process and associated engineering decisions and tradeoffs, highlighting where we chose to deviate from the usual "best practices" and why. We'll cover:

  • Authentication & Authorisation strategies
  • Organisation structure and hardening, workload segregation tradeoffs
  • Code and infrastructure deployment approaches across an incredibly disparate set of teams
  • Security monitoring on a budget

Attendees will walk away from this talk with battle-tested advice on how to design, build and operate an AWS estate on a limited budget with limited personnel, and an understanding of the trade-offs that were made to support some distinctly non-standard requirements.

Packing your gear: tools for operating safely
Room 1