re:Invent Guide: For Practical Security

Community Hero

Mark Nunnikhoven explores the impact of technology on individuals, organizations, and communities through the lens of privacy and security. Asking the question, "How can we better protect our information?" Mark studies the world of cybercrime to better understand the risks and threats to our digital world.

As the Vice President of Cloud Research at Trend Micro, a long-time Amazon Web Services Advanced Technology Partner and provider of security tools for the AWS Cloud, Mark uses that knowledge to help organizations around the world modernize their security practices by taking advantage of the power of the AWS Cloud.

With a strong focus on automation, he helps bridge the gap between DevOps and traditional security through his writing, speaking, teaching, and by engaging with the AWS community.

Security is complicated. At least that’s the way it’s typically talked about, often obscured in a mountain of jargon with an undertone of fear and menace. Nothing could be further from the truth.

The goal of cybersecurity is simple: to make sure that whatever you’ve built works as intended—and only as intended.

Traditionally, security teams are a group of outsiders saddled with an impossible task: to secure applications and workloads that have already been designed and deployed, and are supporting customers. That’s a costly and ineffective way of doing things.

Building well in the AWS Cloud means weaving security into everything that you do. It’s one of the five pillars of the AWS Well-Architected Framework, and when you start thinking about security from day one, what was once complicated becomes much, much simpler.

This guide highlights a number of talks that will help you build a modern understanding of security. My goal in writing this guide was to show security professionals and builders alike that their goals are the same: to solve customer problems reliably.

There’s way too much content at AWS re:Invent 2019 to provide this as a chronological guide (an awesome problem to have!), so I’ve broken it up into four main sections. Each of these sections centers on a single aspect of making you a better builder.

Recommended Sessions

If you want to weave security into business innovation

Security doesn’t exist in a vacuum. It’s part of the business, and understanding how that business is changing is key to understanding how your security practice has to adapt.

ARC203

Innovation at speed

Start off by listening to cloud legend Adrian Cockcroft explain digital transformation using real-world examples. Adrian has helped businesses at all stages and in all verticals as they work through the culture change that the cloud empowers. This session will give you a high-level overview of the current and future business culture landscape that you’re operating in.

ARC218-L

Leadership session: AWS architecture

You can’t work security into what you’re building if you don’t understand how that solution is being designed and built! This leadership session shows you the key challenges architects face and highlights some of the tools available to help build better in the AWS Cloud.

SEC201-L

Leadership session: AWS security

Two years ago at AWS re:Invent 2017, Stephen Schmidt—AWS’s CISO—delivered what is probably the best 13 minutes of video on modern applied security. Look for more of the same in this leadership session, in which Stephen shows what’s possible in modern security and what AWS is doing to help you get there.

SEC202-R

AWS Well-Architected: Best practices for securing workloads

Ben Potter from the AWS Well-Architected team leads this session that will help you align your security efforts with the other four pillars in the AWS Well-Architected Framework.

If you want to understand the key building blocks

The AWS Cloud is comprised of an ever-growing set of services. The following sessions will give you insights into core areas that you’ll see time and time again in your builds.

ARC304-R

From one to many: Diving deeper into evolving VPC design

A classic AWS session. This talk is focused on how customer needs change over time and how your VPC design will change to reflect those needs. It does a great job of discussing constraints and how to address them, critical knowledge for any builder.

NET320-R

The right AWS network architecture for the right reason

The title of this session says it all.

NET314-R

Use AWS Transit Gateway to interconnect multi-account VPCs

AWS Transit Gateway has quickly become a critical service for most enterprises…whether they know it or not. This service can greatly simplify a lot of complex networking setups, and this deep dive will show you how.

CON334-R

Running high-security workloads on Amazon EKS

If you’re running containers at any reasonable scale, Kubernetes is going to be a life saver. But it in itself quickly becomes critical infrastructure. Using a managed service like Amazon EKS is a smart move and this session will walk you through the key areas where you should focus your efforts when integrating Amazon EKS in your environment.

CON328-R

Improving observability of your containers

The speed at which modern applications change has caused a shift in how we operate and secure them. Moving from monitoring to observability is a strong step forward. This session is focused on observability in containers but has lessons that apply to your entire infrastructure.

SVS308

Moving to event-driven architectures

Internet luminary Tim Bray delivers this talk about event-driven architectures. A lot of serverless designs take advantage of these concepts, and the pattern is an important one in modern application development. This session will help you understand the pattern, its implementation, and implications.

STG301-R

Deep dive on Amazon S3 security and management

Amazon S3 is one of the core services in the AWS Cloud. Don’t let its simplicity—that’s one of those S’s—fool you; there are plenty of options and considerations to safely get the most out of this amazing service.

If you want to understand where to focus your security efforts

A common pitfall for security practitioners is to try to tackle everything right away. These sessions cover the critical principles of cloud security and provide a fantastic place to start your cloud journey.

SEC205-R

The fundamentals of AWS cloud security

This session from senior principal engineer Becky Weiss covers the fundamental patterns and concepts for security throughout the AWS Cloud. She also discusses the basics of network security, IAM, and data encryption.

SEC209-R

Getting started with AWS identity

Becky Weiss is back on the list with another foundational talk. This time it’s about identity. This is a critical security concept and one you have to make sure you get right. This session will start you on the right path so you manage identity in a logical and automated fashion for your builds.

SVS310

Securing enterprise-grade serverless apps

Serverless applications are quickly becoming commonplace. Unlike any other architecture, these applications challenge traditional views on security to the breaking point—and that’s a very good thing. This session walks you through some basic security techniques for serverless applications and will help you understand the difference between traditional and modern security approaches.

SEC318-R

DIY guide to runbooks, incident reports, and incident response

This is a great session that looks at some of the tools available to the community to help respond to incidents. It’s a collection of practical, battle-proven tips and tricks from a number of different teams, including Mozilla (presented by Andrew Krug).

If you want to make your security tasks easier

At its heart, the AWS Cloud is an amplifier. It lets teams do more with less. Security is no different. Automation is the key to successful security. These sessions help to bring you up to speed on the latest in this area.

DOP302-R

Best practices for authoring AWS CloudFormation

Infrastructure as code is a best practice for a reason. Not only does it make builds fast and repeatable, it’s also a fantastic opportunity for validation of your builds. This session shows practical examples of AWS CloudFormation in action while providing tips and tricks to improve your templates.

DOP402-R

Deep dive into AWS Cloud Development Kit

The AWS Cloud Development Kit is the new kid on the cloud, allowing you to define your AWS resources in several programming languages. This new tool is quickly gaining popularity in the community and this session explores the details that make it tick.

MTG303-R

How to ensure configuration compliance

This isn’t a security guide unless it has at least one mention of compliance. After all, everyone needs a nap at some point, right? Seriously though, compliance is a critical aspect of building and validating builds. This session covers a number of AWS features and services that will help automate your compliance requirements and help you shift your practice to a continuous-compliance mindset.

MTG301-R

Cut through the chaos: Gain operational visibility and insight

This is the second time that observability makes an appearance in this guide. This session explores the bigger picture of observability and highlights a number of AWS tools that make it easier to confirm that everything is working.

Conclusion

AWS re:Invent 2019 is just the start…

This year’s event is going to be chock full of amazing content. There’s no way you can take it all in during the week. This guide has been designed to help you get a strong foundation in a modern approach to security. These sessions will help you make sure that whatever you’ve built works as intended…and only as intended.

In addition to what I’ve recommended here, I strongly suggest that you check out the talks in the Developer Lounge. The lounge is community driven and has been immensely popular through the AWS Summits this year and in years past. It’s usually standing room only, as other like-minded builders gather around to hear from community members on a variety of topics. Check out sessions with “DVC” in their ID in the catalog to learn more.

Let me know on Twitter (where I’m @marknca) if you’ve found this guide helpful. As an AWS Community Hero, I enjoy giving back to the community and helping others learn how to build well in the AWS Cloud. Leading up to AWS re:Invent, I’m doing a number of live streams covering various AWS topics. Be sure to read my “2019 AWS re:Invent Ultimate Guide” for insider tips and tricks about the show.
