
Presentation: Designing Secure Architectures the Modern Way, Regardless of Stack

Track: Scaling Security, from Device to Cloud

Location: Fleming, 3rd flr.

Duration: 10:35am - 11:25am

Day of week: Wednesday

This presentation is now available to view on InfoQ.com

Abstract

This talk aims to attack two typical conflicts any security architect is well familiar with: 

1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to cost-efficient systems that are prone to unexpected failures and attack chaining.
2. Most risk treatment choices for both reliability and security focus on "this stack is able to do X in a certain way and no other way around": the capabilities within each technological stack to cope with the risks it faces are limited by a pre-defined feature set.

The solution? Focusing on the risk assets, and designing defenses around the asset lifecycle in a way that easily translates to any technological stack.

Eugene will share his experience of implementing sophisticated defenses in constrained environments - ranging from protecting huge power grid SCADA networks to improving end-to-end encryption in small mobile applications - and why designing it properly is what counts when limitations are constraining any easy answers one may find.

Speaker: Eugene Pilyankevich

CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling

Eugene is CTO at Cossack Labs, a data security engineering company, where his job includes almost everything (as you can imagine a CTO of a small company does): defining product strategy, designing internal products and customer solutions, driving R&D efforts, and ensuring the steady cycle of forming–storming–norming–performing of the core engineering team. Eugene started as a software developer and ISP infrastructure engineer nearly two decades ago. Being always keen to chase the causes of failures he had to deal with daily led to a chain of positions, from security engineer through software/security architect to CTO, in the telco, banking, and computer security industries. A life-long interest in understanding risk, human behavior, and decision-making under uncertain conditions made Eugene look into the causes of resiliency and security problems where they actually begin: in human brains.
