Last month, Creditsafe’s Director of Information Security and Compliance, Geraint Treharne flew to Philadelphia for AWS re:Inforce, the annual, immersive, cloud-security learning event. Below, Geraint shares some insights and highlights from the exciting annual event which attracted over 5,200 attendees. ✈️ "What's this? Another Amazon Web Services (AWS) event you say? After all, for in-person events there's the AWS Summit, AWS re:invent, AWS Innovate, and now re:inforce! There are plenty more by the way, but they're virtual live or on demand only. Re:inforce is billed as a security event. I'm going to muddy the waters further and argue re:inforce is not even aimed primarily at security teams. Security teams would be primarily interested in either standards, compliance evidence gathering or reporting, or the security tooling itself for alerting/forensics/analysis means. I'd argue that there's an element of security in everyone's job, and this conference reflected that. The topics covered at re:inforce that I went to, and found most useful, included: ✔️ Strengthen Open Source Software Supply Chain Security ✔️ Strenghten security throughout the SDLC with generative AI ✔️ Accelerating auditing and compliance for generative AI on AWS ✔️ Strategies for risk mitigation ✔️ Establishing a data perimeter on AWS ✔️ GenAI Sills and Culture for Security Organisations ✔️ Provable Security and Automated Reasoning in testing There were some very useful architecture discussions hosted by the likes of CapitalOne and Meta on their use of AWS services. Especially their approaches to data perimeters, AWS organisations, quarantining accounts automatically and dynamic service control policies. The people I bumped into at the event were mostly Developers, Platform Engineers, Auditors and InfoSec management. 👋 There were some great examples of how AWS went the extra mile in running these sessions which included: ⭐ Live realtime transcriptions (with corrections!) of every session ⭐ Most sessions had live American Sign Language screens ⭐ Dedicated seating for sight impaired and wheelchair based attendees ⭐ Ramps and lifts for all disabled presenters ⭐ Silent disco style headphones for all sessions ⭐ Must have been at least 100 lab stations to try out ⭐ Gamified learning sessions where scenarios are worked through by teams of 6 on topics like incident management, SDLC, governance What did we learn? Creditsafe is already doing much which is considered best practice. There were also several frameworks that could either be utilised or adapted for Creditsafe. I'll be doing some presentations to any team at Creditsafe that's interested on what technologies were presented at re:invent and their applicability here." #AWS #reInforce
-
+3