Samuel Waymouth summarizes new services from re:Invent, provides security best practices, and looks to the future of information security. Followed by a session where you will learn about a number of AWS services involved integrating security into CICD pipelines. At the end of this session, you will learn about the automated possibilities where code development and deployment can be managed at scale through the use of various AWS services including AWS CodePipeline, AWS CodeBuild, and AWS Lambda.

Speaker: Samuel Waymouth, Senior Specialist SA, Security, AWS

Plenty has been said and written about how ML is changing the world; however if these ML implementations aren’t robust against attacks, they will - however briefly - change the world for the worse. While ML environments and the data used to train and test them typically require controls to implement confidentiality, integrity and availability just like any other kind of workload, the threat landscape for ML features techniques which extend and vary from those associated with more traditional systems. In this session, we explore some of these including poisoning, evasion, spoofing and fuzzing, GAN attacks and means of defending against them. As well as protecting working models against mutability, substitution and reducing the risk of reverse-engineering of intellectual property. We also explore approaches for data science security, and incident response in the context of ML environments. Finally, we discuss scope constraint of individual ML models to enhance robustness, and means of making hybrid systems incorporating ML models more robust against the eventuality of ML models returning incorrect results by application of error propagation and explicability techniques.

Speaker: Dave Walker, Principal SA, Security & Compliance, AWS

Building a reliable and secure user directory to manage identities is a difficult proposition. Ensuring the solution is scalable, based on common standards with support for multiple identity providers adds further complexity even when it is being used by a single organisation. An authentication solution for SaaS applications increases this complexity as this solution needs to also enforce isolation between different tenants of the application as well as add capabilities to add fine grained authorization for both tenants, users and even at an object level. In this session, we will discuss SaaS identity approaches using Amazon Cognito as an example Identity Provider (IdP) (but these concepts could easily be applied to other IdPs) in order to implement a tenant-aware customer-facing microservices applications.

Speaker: Owen Hawkins, Senior Solutions Architect ISV, AWS

Gain expert knowledge of AWS Security Hub custom insights and Amazon GuardDuty filters based on threat intelligence data. Learn to configure log aggregation to query for known ransomware and automatically respond to threats by turning playbooks into AWS Systems Manager automation documents. We'll demo where you get to use these tools to detect and respond to a simulated ransomware event pattern.

Speaker: Hexen Wilson, Solutions Architect, AWS

Learn how using Amazon EC2 Image Builder in AWS can start your team on a journey of shift-left; the practice of introducing security early into the development lifecycle.

Speaker: Patrick Palmer, Specialist SA Security, AWS

In this session you will dive deep into a new feature for fine grade access control to AWS services based on token attributes from federated Open ID Connect (OIDC) tokens using Amazon Cognito Identity Pools. We will show you how to setup authentication and authorization using Amazon Cognito User Pools, Amazon Cognito Identity Pools and IAM Policies to establish attribute-based access control to AWS services like S3. Features Amazon Cognito and AWS IAM.

Speaker: Laurens Brinker, Solutions Architect, AWS