The USENIX LISA 2016 Conference: In Their Own Words

The USENIX LISA 2016 Conference wrapped up a week ago after a tremendous five-day program of workshops, training sessions, presentations, talks, and more. Our own Pat Cable, Threat Stack Security Engineer, lent his expertise as “Invited Talks Co-Chair,” and Threat Stack was a proud sponsor of the event.

Full length presentations and videos will soon be available on the LISA site, but we thought it would be fun and informative to follow LISA’s motto of “More Craft, Less Cruft” by bringing you short video interviews with five LISA16 attendees and presenters.

So in their own words, here’s what they had to say about their favorite projects, the importance of security, and anything else that was top of mind.

1. Ken Cochrane: Engineering Manager, Docker

First up is Ken Cochrane, who had some interesting things to say about the interdisciplinary team approach he uses at Docker.

According to Ken, his diverse but tightly integrated group of Security, Dev, and Ops specialists has a breadth and depth of knowledge that enables them to anticipate problems, hatch creative solutions, and produce superior code more effectively than single-discipline teams — all while accelerating the development process. Sounds like an ideal DevSecOps team achieving great success in the real world!


2. Jamie Riedesel, DevOps Engineer, HelloSign

Jamie Riedesel, with 19 years’ experience as a Systems and DevOps engineer, spoke about major and much-needed updates that are coming in the world of password security. Summarizing these views in the phrase “NIST is saving our butts,” Jamie explained that traditional password composition rules and standard policies (e.g., 90-day rotations) actually weaken security, but are — fortunately for our butts — about to be replaced with a new paradigm of behavior-based rules that will be enshrined in federal standards. As such, they will have a positive impact on security practices.

Jamie went on to speak about automation and streamlining reforms that will help bring compliance into the 21st century, making it easier to manage and maintain.


3. Corey Quinn, The Quinn Advisory Group

Corey Quinn, Principal of The Quinn Advisory Group, spoke about cost containment in the cloud and explained how his organization “Helps fix horrifyingly large AWS bills without turning off things that people are using.” Comparing his programmatic approach to the incremental tactics used in many security strategies, Corey explained that, “If you change a few fundamental precepts, you can [quickly] shave a tremendous amount off your bill.” Security follows a similar model: you do the things you can do first (such as implement 2FA), realize the gains, and then go into more depth in your individual environment.


4. Amye Scavarda, Gluster Community Lead, Red Hat

Taking a page out of J.R.R. Tolkien’s The Lord of the Rings, Amye offered an imaginative model for managing information security. According to Amye, “Each character in the Lord of the Rings can be part of the way you manage your security events.”

Interested? Take a look at the outline of her LISA16 talk: The Road to Mordor: Information Security Issues and Your Open Source Project.


5. VM (Vicky) Brasseur, Senior Software Manager, HPE

Amongst our colleagues, we most often speak about security in terms of systems and data — so it was interesting to speak with Vicky just after she’d given a talk on why it’s safe to fail (Failure: Why It Happens & How to Benefit From it).

Vicky zeroed in on one aspect of her talk — psychological safety — which is the ability to feel mentally comfortable in a workplace. It’s easy to see parallels between psychological safety and the security of systems and data. As Vicky pointed out, a workplace that is psychologically safe allows people to be their most productive and innovative; a system that is secure creates an environment where a business can focus on its core competencies and customers as well as growth and profitability. Just as industry is becoming increasingly appreciative of the value of systems and info security, it is also placing greater value on psychologically safe work environments.