The Joy Of Intelligent Proactive Security

ShmooCon XI - 2015

Presented by: Scott Behrens, Andy Hoernecke (@ahoernecke)
Date: Saturday January 17, 2015
Time: 15:00 - 15:50
Location: Belay It

Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all the US’s downstream bandwidth at peak. Multiple concurrent code bases, continuous deployments, regional content, and an ever-changing threat landscape make vulnerability and asset management difficult. In order to battle this dynamic environment, we have taken an approach of automating, simplifying, and collecting actionable data with proactive security.

This presentation will assert that the agility of modern infrastructure requires a different approach to security. We look at common areas of a mature security program: identifying and addressing potential issues, monitoring for attacks and anomalies, understanding your environment, collecting and sharing information, all while constantly reevaluating your approach. We will also walk through a few real-world cases where intelligent proactive security has simplified Netflix’s response time for identifying, responding to, and remediating security issues.

We will also provide demonstrations of a number of Netflix applications that are currently or soon-to-be open sourced that can help you simplify your security program regardless of whether you operate in the cloud or data center.

Attendees will leave this talk with real-world strategies, techniques, and Netflix open source tools they can use in their own organizations.

Scott Behrens

Scott Behrens and Andy Hoernecke are both security evangelists at Netflix focusing on application security engineering as part of the Product and Application Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, Chicago BSides, and a handful of other security conferences.

Andy Hoernecke

Scott Behrens and Andy Hoernecke are both security evangelists at Netflix focusing on application security engineering as part of the Product and Application Security team. Prior to Netflix, Andy built the application security program for a Fortune 100 retailer, and taught web application security to grad students at DePaul University.

