You are viewing content from a past/completed QCon -

Presentation: Designing Secure Architectures the Modern Way, Regardless of Stack

Track: Scaling Security, from Device to Cloud

Location: Fleming, 3rd flr.

Duration: 10:35am - 11:25am


This presentation is now available to view on InfoQ.com


Abstract

This talk aims to attack two typical conflicts any security architect is well familiar with: 

1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to cost-efficient systems that are prone to unexpected failures and attack chaining.
2. Most risk treatment choices for both reliability and security focus on "this stack is able to do X in a certain way and no other way around": the capabilities within each technological stack to cope with the risks it faces are limited by a pre-defined feature set.

The solution? Focusing on the risk assets, and designing defenses around asset lifecycle in a way that easily translates to any technological stack.

Eugene will share his experience of implementing sophisticated defenses in constrained environments - ranging from protecting huge power grid SCADA networks to improving end-to-end encryption in small mobile applications - and why designing it properly is what counts when limitations are constraining any easy answers one may find.

Speaker: Eugene Pilyankevich

CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling

Eugene is CTO at Cossack Labs, a data security engineering company, where his job includes almost everything (as you can imagine a CTO of a small company does): defining product strategy, designing internal products and customer solutions, driving R&D efforts, and ensuring the steady cycle of forming–storming–norming–performing of the core engineering team. Eugene started as a software developer and ISP infrastructure engineer nearly two decades ago. Always being keen to chase the causes of the failures he had to deal with daily led to a chain of positions - through security engineer and software/security architect to CTO in the telco, banking, and computer security industries. A life-long interest in understanding risk, human behavior, and decision-making under uncertain conditions made Eugene look into the causes of resiliency and security problems where they actually begin: in human brains.
