PuppetConf track overview: Security
Transcript of PuppetConf track overview: Security
A Year in Open Source Automated Compliance With Puppet
This session will provide the attendee with a look at what the SIMP project has achieved since its debut at PuppetConf 2015. Topic covered will include a brief overview of the SIMP project, the creation of a public community, new features, the automated CI process, code level attestation of Puppet parameters to Policy, lessons learned, and a glimpse of the future.
2
Thursday, October 20 | 1:30 pm
Trevor VaughanVP Engineering, Onyx Point, Inc.
Security
Security Roadmap: How We Are Helping You When Everything is Burning
This talk will be a walk thru of the puppet security roadmap, where Puppet fits in the world of Security and the world of Compliance. Including, identifying what is burning, how to catch things before they burn, and why these features fit in with defining and aligning security with a DevOps approach. Additionally, we will do a demo and walk thru of what we have done to date. This will span things like our Corrective Change feature to PQL.
3
Thursday, October 20 | 2:30 pm
Verne Lindner
Beth CornilsSr. Product Manager, Puppet
UX Designer, Puppet
Security
Nice and Secure: Good OpSec Hygiene With Puppet!
Puppet is a great first step to making your environment more secure. Evolving your system setup into infrastructure as code allows a clear audit trail and more inspection of your current state, allowing you to shine a light on any problem areas in your estate. But how do we make sure our Puppet setup doesn't make things less secure whilst making it easier to automate? We're going to talk about:
4
Thursday, October 20 | 4:45 pm
Professional Services Engineer, PuppetPeter Souter
Security
● Making sure security is part of your workflow, rather than an afterthought.
● Best practise with hardening your Puppet architecture.● Secrets management with the Puppet toolchain.● Keeping your code clear of plaintext passwords.
Using HashiCorp's Vault With Puppet
One common challenge organizations often face when adopting secret management solutions like Vault into their infrastructure is how to fetch secrets from Vault using a configuration management tool like Puppet. In addition to providing a high-level overview of Vault and Vault's architecture, this example-driven talk details a few techniques for retrieving secrets from Vault using Puppet by bridging the gap between runtime and build time data. Join me on an adventure as we move our secrets from Hiera to Vault.
5
Friday, October 21 | 11:15 am
Seth VargoDirector of Evangelism, HashiCorp
Security
Puppet as Security Tooling
As a Puppet user, you know the value of Puppet for configuration management, deployment, and delivery of your applications. What you may not know is that it is also a powerful tool for securing your environment and for meeting your compliance and auditing needs. In this session you’ll see how Puppet can provide policy enforcement, help monitor compliance requirements, and help with fast response to security issues. I’ll speak about my experience running a small security program using Puppet and provide you guidance about where to look to make wins for your organization.
6
Friday, October 21 | 2:30 pm
Bill WeissManager of SysOps, Puppet
Security
How You Actually Get Hacked
One common challenge organizations often face when adopting secret management solutions like Vault into their infrastructure is how to fetch secrets from Vault using a configuration management tool like Puppet. In addition to providing a high-level overview of Vault and Vault's architecture, this example-driven talk details a few techniques for retrieving secrets from Vault using Puppet by bridging the gap between runtime and build time data. Join me on an adventure as we move our secrets from Hiera to Vault.
7
Friday, October 21 | 3:45 pm
Ben HughesSecurity Engineer, Etsy
Security
Want to explore more PuppetConf sessions? View our full agenda and other tracks at puppet.com/puppetconf
Trevor VaughanVP Engineering, Onyx Point, Inc.
Trevor is a co-founder of Onyx Point, Inc. and has been using Puppet since 0.24 to automate pretty much everything. He is the organizer of the Baltimore Puppet Users Group and a voracious Open Source supporter. He is also the technical lead for the SIMP project, released by the National Security Agency, to improve the availability of compliant managed platforms to the systems management industry.
Beth CornilsSr. Product Manager, Puppet
Beth Cornils is a product manager for Insights and Visibility, Security, and PuppetDB. She's spent the last 2 years at Puppet learning about why sysadmins and security people do what they do. Turns out, Developers, Operations, and Security people have different motivators. Who knew! Most important lesson learned from Ops this year, no one cares about my feature the way I do. They only care how much glue is needed to make it work. Opservations, they keep me honest.
Verne LindnerUX Designer, Puppet
Verne Lindner is part of the user experience team at Puppet. As part of her team, she has designed change reporting tools for PE's graphical user interface, as well as the GUI's node graph. She is currently working on aggregate and historical reporting tools for Puppet-managed systems.
Peter SouterProfessional Services Engineer, Puppet
Peter is a Professional Services Engineer at Puppet, and has been helping people on their first steps on their DevOps journey for over 5 years. He's been tinkering with Puppet since 2.7, and finds that listening to Bonobo increases his work output 50%.
Seth VargoDirector of Evangelism, HashiCorp
Seth Vargo is the Director of Evangelism at HashiCorp. Previously, Seth worked at Chef (Opscode), CustomInk, and a few Pittsburgh-based startups. He the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on open source, or speaking at conferences, Seth enjoys spending time with his friends and advising non-profits. He loves all things bacon.
Bill WeissManager of SysOps, Puppet
As a red-and-blue-team member turned sysadmin herder, Bill Weiss had an early introduction to automation in security, and he's spent the rest of his career trying to bring that idea to more places. He started out working in the .gov, moved to Chicago to spend several years at a financial services SaaS, and finally made it to Portland in 2015 to join Puppet as the Manager of SysOps, which he thinks is a way better term than “sysadmin.”
Ben HughesSecurity Engineer, Etsy
"Don't call it a comeback, I've been here for years" Ben maintains he's an information security professional with over 15 long hard years and tens of shell accounts of experience. He's previously worked as an operations engineer for Puppet Labs, (yes that long ago, hence the comeback). He's also worked at global Fortune 500 companies, down to small startups on key areas of security, networking and infrastructure. He's spoken all over the world, in any city that has good third wave coffee, on topics relating to DevOps and all it entails, intrusion detection, buzzword conscious Docker, and why curl piped to sudo bash is the worst. He also does a mean She-Ra impersonation.
t
Get on the path to a better futureJoin us 19-21 October in San Diego
Register now
Summer Savings: Save $240 until 15 September
puppetconf.com