AWS re:Inforce 2022

Friends don't let friends do compliance alone

No matter if you have been in the AWS ecosystem for quite a while or just recently started a career that centers around AWS, you might have heard about the annual AWS flagship conference re:Invent (NOV. 28 – DEC. 2, 2022 | LAS VEGAS, NV) that was held in Las Vegas with around 28k attendees on-site and another 50k attendees online last year. Regional AWS Summits are comparably smaller but also well-known. But did you know that AWS has - among other online and in-person events - a 2-day in-person conference dedicated to cloud security and compliance?

re:Inforce 2022 is currently happening in Boston, MI from July 26th and 27th and has a packed agenda with security and compliance focused content across all learning levels: from Intermediate (200), over Advanced (300) to 400 (Expert)

reinforce image

The keynote on day one - held by Steve Schmidt (CSO at AWS, formerly CISO at AWS), CJ Moses (CISO at AWS), Lena Smart (CISO at MongoDB) and Kurt Kufeld (VP of AWS Platform) - already included a couple of very hands-on “Call to Actions” rather than marketing-heavy outlooks such as:

  • Block Public Access to S3
  • Use MFAs
  • Encrypt everything
  • Implement least privilege access
  • Implement a multi-layered security architecture

Lena Smart gave some super valuable insights into how cloud security and compliance is implemented at MongoDB. She highlighted one of her favorite contributions: making security and compliance a shared mission of everyone at MongoDB by implementing an internal “security champion” program.

reinforce image 2

Steve and CJ presented some important learnings from recent vulnerabilities (Log4J is calling) and how a layered security strategy should look like in any modern cloud architecture. Followed by valuable insights on how to implement and maintain an internal security culture and a reliable and provable least privilege approach.

reinforce image 3

Of course any proper keynote needs to include some (product) announcements and this one was no different: AWS announced the

reinforce image 4

Apart from this I am amazed by the many hands-on and playful opportunities to get a grip on security and compliance by joining AWS Security Jams or Capture the Flag, a reverse escape room or a “chaos kitty” to visualize the “security chaos energy” - so much more to discover on day two.

Even though re:Inforce is far from being a small intimate event, I really like the hands-on and super focused content across all of the sessions.

If you missed re:Inforce, no worries: luckily most of the content is made available as on-demand content afterwards!