Join us on Tuesday, May 21 for an incredible double bill:  

Authentication Beyond SMS
by Kelley Robinson

&

Confidence as Code: Automated Security Testing in Cloud Environments
by Brad Geesaman

Abstract
In an age when a new data breach is revealed with frightening regularity, developers have a responsibility to secure our applications' user data more than ever. But fear not, YOU have the power to deter the hackers! You may recognize Two-factor Authentication (2FA) as an additional safeguard for protecting accounts, but do you really know how it works? This talk will show you how to implement One Time Passwords (including what's happening under the hood of those expiring tokens) and even provide a legitimate use case for QR codes! You'll come away recognizing the different approaches to implementing a 2FA solution and have a better understanding of the one that's right for your application. Together, we'll make the web a more secure place.

Speaker bio
Kelley works on the Account Security team at Twilio in NYC, helping developers manage and secure customer identity in their software applications.

Abstract
Given the extreme focus on delivery velocity in cloud-native environments, one of the biggest challenges for security and compliance teams is simply to keep up with the state of their highly dynamic infrastructure. Assessing a constantly-moving target without the right approach can result in insecure configurations and increased organizational risk. With a slight change in mindset and an increased focus on automated security testing, we can gain a more complete picture of the environment and continuously ensure security policy conformance. In this talk, we will outline a strategy for testing a sample cloud environment running a Kubernetes cluster from several different user perspectives and demonstrate automated testing to validate conformance to a desired state.

Speaker bio
Brad is an Independent Security Consultant helping clients improve the security of their Kubernetes clusters and supporting cloud environments. He was recently the Cyber Skills Development Engineering Lead at Symantec Corporation, where he supported the operations and delivery of ethical hacking learning simulations on top of Kubernetes in AWS. Although he spent several years as a penetration tester, his real passion is educating others on the real-world security risks inherent in complex infrastructure systems through demonstration followed by practical, usable advice on detection and prevention.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, May 21, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005
