Look Ma, No Hands! - Decentralizing security for scale presented at BSidesSanFrancisco 2017

by Chris Dorros

Summary: What does your security operations team look like? A bunch of folks sitting in a blue-lit room staring at telemetry data from systems they didn’t even design, let alone operate? That’s what ours looked like too, until we learned that decentralizing most security functions is far more effective than dedicated teams. In order to scale security without the bottleneck of security team headcount, we need to think different. Everyone needs to be a security engineer. In this talk I’ll describe some of the organizational changes that have worked for us, as well as show off a few internal security tools we’ve built to put usable security into the hands of developers.