Whether you have been in the AWS ecosystem for quite a while or just recently started a career that centers around AWS, you might have heard about the annual AWS flagship conference re:Invent (NOV. 28 – DEC. 2, 2022 | LAS VEGAS, NV) that was held in Las Vegas with around 28k attendees on-site and another 50k attendees online last year. Regional AWS Summits are comparatively smaller but also well-known. But did you know that AWS has, among other online and in-person events, a 2-day in-person conference dedicated to cloud security and compliance?
re:Inforce 2022 is currently happening in Boston, MI on July 26th and 27th and has a packed agenda with security- and compliance-focused content across all learning levels: from Intermediate (200) through Advanced (300) to Expert (400).
The keynote on day one, held by Steve Schmidt (CSO at AWS, formerly CISO at AWS), CJ Moses (CISO at AWS), Lena Smart (CISO at MongoDB) and Kurt Kufeld (VP of AWS Platform), already included a couple of very hands-on “Calls to Action”, rather than marketing-heavy outlooks, such as:
- Block Public Access to S3
- Use MFA
- Encrypt everything
- Implement least privilege access
- Implement a multi-layered security architecture
Lena Smart gave some super valuable insights into how cloud security and compliance are implemented at MongoDB. She highlighted one of her favorite contributions: making security and compliance a shared mission of everyone at MongoDB by implementing an internal “security champion” program.
Steve and CJ presented some important learnings from recent vulnerabilities (Log4j is calling) and what a layered security strategy should look like in any modern cloud architecture. This was followed by valuable insights on how to implement and maintain an internal security culture and a reliable and provable least privilege approach.
Of course any proper keynote needs to include some (product) announcements and this one was no different. AWS announced:
- New categories for the security competency
- IAM Roles Anywhere
- Cloud Audit Academy updates with new learning paths for everyone involved in auditing, risk, and compliance roles
- A new Security Awareness Training for everyone
- Threat Modelling workshops
- Amazon Detective for EKS
- Amazon GuardDuty Malware Detection
Apart from this, I am amazed by the many hands-on and playful opportunities to get a grip on security and compliance by joining AWS Security Jams or Capture the Flag, a reverse escape room or a “chaos kitty” to visualize the “security chaos energy” - so much more to discover on day two.
Even though re:Inforce is far from being a small intimate event, I really like the hands-on and super focused content across all of the sessions.
If you missed re:Inforce, no worries: luckily most of the content is made available as on-demand content afterwards!