Security Symposium New York, 2018

  • June 14, 2018
  • 151 West 42nd Street New York, NY 10036
  • Convene 4 Times Square

SECURING THE MODERN ENTERPRISE USING OPEN SOURCE

Join the Security Symposium, where cybersecurity professionals can learn and network alongside Red Hat and Intel security experts, partners, and industry peers. No one can solve IT security issues alone. Solving problems together as a community is the future of technology.

WHAT TO EXPECT

The Security Symposium is a full-day event with industry experts covering the latest upstream and enterprise security developments. Attendees will network and collaborate with peers and Red Hat engineers to discuss security challenges organizations face.

EVENT KEYNOTE SPEAKER—Steve Orrin, federal chief technologist, Intel Corporation

Steve Orrin is chief technologist for Intel Corporation’s Federal Division and is responsible for cybersecurity and cloud strategy, federal solution architectures, and engagements. He has held architectural leadership positions at Intel, and is the creator of Trusted Compute Pools secure cloud architecture and co-author of NIST’s IR-7904 “Trusted Geo-Location in the Cloud.”

Steve was previously CSO for Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO at SynData Technologies. He was named one of InfoWorld's Top 25 CTOs of 2004 and, in 2016, received Executive Mosaic’s Top CTO Executives Award. He is a fellow at the Center for Advanced Defense Studies and a guest researcher at NIST’s National Cybersecurity Center of Excellence (NCCoE).

WHO SHOULD ATTEND

IT business leaders, security professionals, operations professionals, and application developers who are focused on securing their organization’s infrastructure and applications.

Morning keynote: Why we are still losing the InfoSec battle and how do we get back in the race?

9:30 a.m.-10:30 a.m.

Steve Orrin, federal chief technologist, Intel Corporation

In the current security paradigm, security teams are losing to threat actors and falling further behind. We need novel approaches to reducing the threat curve by integrating solutions across cyber threat intelligence and analytics, continuous monitoring, automation, and information sharing. Analytics and machine learning have had a transformative impact on threat intelligence. That is a paradigm-shifting improvement on its own, and its impact can be further augmented by the application of foundational security hygiene, continuous monitoring, information sharing, and automation. These key elements working in concert will change the security landscape from its current gradual pace to a much more rapid rate of improvement and risk reduction. The session will highlight strategies and innovations and illustrate how we as a community must come together to meet the evolving threats and risks to organizations, users, and our data.

Afternoon keynote: Container Security and new container technologies

3:30 p.m.-4:20 p.m.

Dan Walsh, consulting engineer, Red Hat

This talk will give an update on the current state of container security technology and cover new container technologies and how they enable some of these features.

It will explain the parts of the OS that are used to control what containers can do on a system:

  • Read-only system mounts, SELinux, user namespaces, seccomp, cgroups.
  • The OpenShift concept of running containers as non-root by default.

It will introduce new tools for running containers, including CRI-O, Buildah, and Podman, and the new features in these tools for running in a more secure mode.

CRI-O - a container runtime for running Kubernetes workloads.
Security features:

  • Read-only node: forces your Kubernetes environment to only run containers that cannot modify their images.
  • User namespace support.
  • Simplified Kubernetes Container Runtime Interface.
  • Kubernetes-dedicated runtime: a smaller, simpler daemon with only the functionality Kubernetes requires.

Podman:

  • Replacement container runtime CLI for Docker.
  • User namespace support.
  • No big fat daemon listening for incoming connections.
  • Simpler fork/exec model of running containers versus client/server.
  • Better auditing.
  • Mount: able to mount container images for examination by scanners.

Buildah:

  • No big fat daemon listening for incoming connections.
  • Less privileged mode, able to build inside of a container.
  • Able to build much smaller container images; no need to have build artifacts in your container images.
  • Mount: able to mount container images for examination by scanners.

Skopeo
Support for multiple container storages, including:

  • Container runtimes, Docker storage, and containers/storage for sharing content with CRI-O, Buildah, and Podman.
  • Converting from the Docker image format to the OCI image format.
  • Remote inspection of container image JSON.

TRACK 1: Ops Track

Overview of the security technologies in Red Hat Enterprise Linux

10:45 a.m.-11:35 a.m.

Dmitri Pal

Red Hat Enterprise Linux includes a variety of technologies that allow customers to build layers of protection for their datacenter and work towards meeting compliance requirements. The presentation will give a high-level overview of available and emerging technologies such as OpenSCAP, SELinux, crypto, Policy-Based Decryption, USBGuard, Identity Management, and others, and will provide pointers and references to available materials for further reading.

Application whitelisting and automated threat response

11:35 a.m.-12:25 p.m.

Steve Grubb

Application whitelisting is an effective way of preventing unknown software from executing on a machine. This presentation will detail an open source implementation that is available in Fedora. We will also look at how the information from an application whitelisting daemon can be leveraged in real time to maintain system integrity. An overall strategy will be outlined showing how this piece fits into a broader security context.

Secure Application Connectivity: Dynamically Securing OpenShift Workload Communications at Scale

1:30 p.m.-2:20 p.m.

Cody McCain

Orchestrated workloads, and by extension their network identities, are ephemeral. This, coupled with the peer-to-peer topologies that have proliferated with microservice adoption, is rendering traditional, static network security devices irrelevant. This session demonstrates distributed, just-in-time policy rendering that protects workloads across layers 3-7 of the network stack. We will also discuss how to compose, manage, and operate micropolicies in an OpenShift and cloud-native world.

Automating security and compliance for hybrid environments

2:30 p.m.-3:20 p.m.

Lucy Kerner

Maintaining visibility, control, and security, and ensuring governance and compliance, remain paramount. However, this becomes more difficult and time consuming in a hybrid infrastructure consisting of physical, virtual, cloud, and container environments. In this session, you’ll learn how a combination of Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, Red Hat Ansible Automation, and OpenSCAP can help you with these challenges in your hybrid infrastructure by automating security and compliance. Specifically, you’ll learn how to easily provision a security-compliant host, how to quickly detect and remediate security and compliance issues, how to ensure governance and control in an automated way, how to do proactive security and automated risk management, how to perform audit scans and remediations on your systems, and how to automate security to ensure compliance against regulatory or custom profiles.

TRACK 2: Dev Track

Secure Application Authentication with Red Hat SSO

10:45 a.m.-11:35 a.m.

John Doyle

Ensuring that the required secure authentication and authorization policies are applied to web applications is a critical task. Red Hat Single Sign-On provides the capabilities to centrally manage the users, groups, roles, and permissions for your applications via web standards such as OAuth and OpenID Connect, in both traditional and orchestrated environments. This session will cover the core capabilities of Red Hat SSO, including password policies, user federation, identity brokering, and social login.

Security first: Automating CI/CD pipelines and policing applications

11:35 a.m.-12:25 p.m.

Justin Goldsmith

Recent public breaches highlight the importance of a security strategy that extends beyond the network perimeter. Applications developed and maintained without security in mind present a likely entry point for malicious attackers. Preventive measures should be taken to reduce vulnerabilities and help avoid zero-day attacks.

As organizations adopt containers, an automated approach to security, testing, and application development is needed to increase productivity and reduce risk.

During this session, you'll learn how the Red Hat OpenShift Container Platform can be used to:

  • Integrate security monitoring software into CI/CD pipelines for containerized applications.
  • Know what's in your containers and where they come from, which is vital to secure and quickly remediate workloads.
  • Enhance open source library security, in true DevSecOps fashion, and establish a security-first mindset for application development.

Charting the course of API security over time: past, present and future

1:30 p.m.-2:20 p.m.

Yossi Koren and Kavitha Srinivasan

  • The API security journey: from a local to a federated model.
  • Security approach and strategy: evaluate your API needs.
  • Best practices and trends: from API keys to OpenID.
  • The API gateway model: native, Docker, OpenShift, and plug-in approaches.
  • API security outlook (TBD): security roadmap.

Go faster but check your brakes - serverless security

2:30 p.m.-3:20 p.m.

Rich Sharples

Serverless is rapidly gaining a foothold in the developer's toolbox. It promises extreme scale and efficiency while speeding up development of modern cloud-native applications, but it does require that we think about security a little differently. Contemporary distributed applications (including traditional long-running microservices and serverless) give the malicious attacker (or inattentive developer) new opportunities to wreak havoc. This session will present some of the considerations and what to do about them.

About the hosts

Steve Orrin

Federal Chief Technologist

Intel Corporation

Steve Orrin is Chief Technologist for Intel Corp’s Federal Division and is responsible for cyber security and cloud strategy, federal solution architectures, and engagements. Steve has held architectural leadership positions at Intel, where he has led strategy and projects on identity, anti-malware, HTML5 security, and cloud and virtualization security, and is the creator of the Trusted Compute Pools secure cloud architecture and co-author of NIST’s IR-7904 “Trusted Geo-Location in the Cloud”. Steve was previously CSO for Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO at SynData Technologies. Steve is a recognized expert and frequent lecturer on enterprise security and was named one of InfoWorld's Top 25 CTOs of 2004 and, in 2016, received Executive Mosaic’s Top CTO Executives Award. He is a fellow at the Center for Advanced Defense Studies and a guest researcher at NIST’s National Cybersecurity Center of Excellence (NCCoE).

Justin Goldsmith

Technical Consulting Architect, Financial Services

Red Hat

Justin Goldsmith, a technical consulting architect in Red Hat’s Financial Services practice, has worked extensively with Red Hat® OpenShift, successfully migrating legacy applications to containers and building net-new OpenShift-native applications. Justin focuses on CI/CD and DevOps, emphasizing the benefits of automation in each step of the software development life cycle. Recently, he has been stressing the importance of including security analysis of applications up front in the CI/CD process.

Yossi Koren

Sr. Solution Architect, API & Agile Integration

Red Hat

Yossi focuses on enterprise solutions that leverage API integration and management platforms as part of the Red Hat middleware team. He has been involved in SOA and API integration projects since 2008, worked closely with the Red Hat middleware products as a partner from 2015, and joined Red Hat as part of the 3scale acquisition. He has extensive experience in application and API integration technologies and solutions that enable IT and enterprise digital transformation.

Dmitri Pal

Director, Software Engineering

Red Hat

Dmitri Pal is an Engineering Director at Red Hat. He is responsible for the security and identity management projects and products provided as part of the Red Hat Enterprise Linux ecosystem. Dmitri has more than twenty years of security and identity management experience.

Steven Grubb

Security Architect

Red Hat Enterprise Linux Engineering

Steve Grubb is a Senior Principal Engineer whose role in Red Hat Enterprise Linux (RHEL) Engineering is as a Security Architect with a focus on security certifications (such as Common Criteria and FIPS 140) and configuration guidance (such as DISA STIG, USGCB, and the CIS RHEL Benchmark). He also performs software assurance studies, such as reviewing protection mechanisms, threats, and vulnerability detection and analysis, to guide product development toward a safer posture.

Daniel J Walsh

Consulting Engineer

Red Hat

Daniel Walsh has worked in the computer security field for over 35 years. Dan has been a Consulting Engineer at Red Hat since August 2001 and has led the Red Hat Container Engineering team since August 2013, after working on container technology for several years. Dan currently focuses on the CRI-O container runtime, Buildah for building container images, Podman (a tool for managing containers and pods), containers/storage, and containers/image. Dan is a major contributor to the Docker/Moby project and also developed much of the software in Project Atomic. He has led the SELinux project, concentrating on the application space and policy development. Dan helped develop sVirt (Secure Virtualization) as well as the SELinux Sandbox back in RHEL 6, an early desktop container tool. Previously, Dan worked at Netect/Bindview on vulnerability assessment products and at Digital Equipment Corporation on the Athena Project and the AltaVista Firewall/Tunnel (VPN) products. Dan has a BA in Mathematics from the College of the Holy Cross and an MS in Computer Science from Worcester Polytechnic Institute. Email: dwalsh@redhat.com

John Doyle

Senior Principal Product Manager, Middleware Portfolio

Red Hat

John Doyle has been a Product Manager in the JBoss Application Platforms group for more than seven years. In that time his responsibilities have included JBoss EAP, JBoss Web Server, and Management and Monitoring. His current responsibilities include Red Hat Single Sign-On and OpenJDK. Prior to his role in product management, John was an engineer on Red Hat Data Virtualization.

Lucy Kerner

Security Global Technical Evangelist and Strategist

Red Hat

Lucy Kerner is currently the global security technical strategist and evangelist at Red Hat and helps drive thought leadership and the global go-to-market strategy for security across the entire Red Hat portfolio. Lucy creates and delivers security-related technical content to the field, customers, and partners, has spoken at numerous internal and external events, and is a 2016 and 2017 Red Hat Summit Top Presenter. Prior to her current role, she was a Senior Cloud Solutions Architect for the North America Public Sector team at Red Hat. Lucy has over 15 years of professional experience as both a software and hardware development engineer and a pre-sales solutions architect. Prior to joining Red Hat, she worked at IBM as both a mainframe microprocessor design engineer and a pre-sales solutions architect for IBM x86 servers. She has also interned at Apple, Cadence, Lockheed Martin, and MITRE, where she worked on both software and hardware development. Lucy graduated from Carnegie Mellon University with an M.S. and B.S. in Electrical and Computer Engineering and a minor in Spanish.

Kavitha Srinivasan

Solutions Architect, API Management and Middleware

Red Hat

Kavitha is a Solutions Architect with Red Hat, currently specializing in API management, business process management, and decision management systems.

She has extensive experience in architecting productionized solutions for Fortune 500 companies on various middleware and integration technologies.

She loves to compose pragmatic technology solutions that address complex business use cases for customers undertaking digital transformation initiatives.

Rich Sharples

Senior Director of Product Management

Red Hat

Rich is the Senior Director of Product Management in the Application Platforms Business Group at Red Hat. He has spent the last twenty years evangelizing, using, and designing enterprise middleware; he previously worked for Forte Software and Sun Microsystems and as an independent software developer and consultant building large distributed software systems for the space, transport, telecom, and energy sectors.

Rich served on the Node.js Foundation Board of Directors and helped it transition from a BDFL model to an open, independent foundation, and for the last decade he has been working across the industry to help create a truly open, collaborative ecosystem for Java.

In his spare time he enjoys tinkering with new and emerging technology, running, cycling and anything that gets him outdoors.

Cody McCain

Solutions Architect

Tigera

Cody McCain carries the Tigera flag in NYC where he helps customers connect and secure all manner of things within the fabric. Prior to his current role, Cody provided Kubernetes training and implementation services at Apprenda and led Enterprise Architecture at GE Global Research. Cody has served in technology leadership roles across multiple verticals including energy, manufacturing, entertainment, and security. Cody has a B.S. in Physics from Abilene Christian University and is passionate about cloud native software development and distributed computing.