You are viewing content from a past/completed QCon

Presentation: Designing Secure Architectures the Modern Way, Regardless of Stack

Track: Scaling Security, from Device to Cloud

Location: Fleming, 3rd flr.

Duration: 10:35am - 11:25am

Day of week: Wednesday


This presentation is now available to view on InfoQ.com


Abstract

This talk aims to attack two typical conflicts any security architect is well familiar with: 

1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to cost-efficient systems that are prone to unexpected failures and attack chaining.
2. Most risk treatment choices for both reliability and security focus on "this stack is able to do X in a certain way and no other": the capabilities of each technological stack to cope with the risks it faces are limited by its pre-defined feature set.

The solution? Focusing on the risk assets and designing defenses around the asset lifecycle in a way that translates easily to any technological stack.

Eugene will share his experience of implementing sophisticated defenses in constrained environments - ranging from protecting huge power grid SCADA networks to improving end-to-end encryption in small mobile applications - and why proper design is what counts when limitations constrain any easy answers one may find.

Speaker: Eugene Pilyankevich

CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling

Eugene is CTO at Cossack Labs, a data security engineering company, where his job includes almost everything (as you can imagine a CTO of a small company does): defining product strategy, designing internal products and customer solutions, driving R&D efforts, and ensuring the steady cycle of forming–storming–norming–performing of the core engineering team. Eugene started as a software developer and ISP infrastructure engineer nearly two decades ago. Always being keen to chase the causes of the failures he had to deal with daily led to a chain of positions - through security engineer and software/security architect to CTO in the telco, banking, and computer security industries. A life-long interest in understanding risk, human behavior, and decision-making under uncertain conditions made Eugene look into the causes of resiliency and security problems where they actually begin: in human brains.
