San Francisco, California, United States
715 followers
500+ connections
Activity
-
Had fun talking about #servicemesh and cloud native security today at #CNScon! Thanks everyone for coming out... if you want to learn more about…
Liked by Evan Gilman
-
Thanks to Gabriele Columbro and the whole FINOS team for a superb Open Source in Finance Forum! ControlPlane had a marvellous time in London: -…
Liked by Evan Gilman
-
I'm often asked the difference between SPIFFE and more traditional certificate lifecycle management .. this sums up the differences pretty well 👏
Shared by Evan Gilman
Publications
-
Zero Trust: Building Systems in Untrusted Networks (Talk)
Usenix Association
Let's face it - the perimeter-based architecture has failed us. Today's attack vectors can easily defeat expensive stateful firewalls and evade IDS systems. Perhaps even worse, perimeters trick people into believing that the network behind it is somehow "safe", despite the fact that chances are overwhelmingly high that at least one device on that network is already compromised.
It is time to consider an alternative approach. Zero Trust is a new security model, one which considers all parts of the network to be equally untrusted. Taking this stance dramatically changes the way we implement security systems. For instance, how useful is a perimeter firewall if the networks on either side are equally untrusted? What is your VPN protecting if the network you're dialing into is untrusted? The Zero Trust architecture is very different indeed.
In this talk, we'll go over the Zero Trust model itself, why it is so important, what a Zero Trust network looks like, and what components are required in order to actually meet the challenge.
-
Zero Trust Networks: Building Systems in Untrusted Networks (Book)
O'Reilly Media
The perimeter defenses guarding your network perhaps are not as secure as you think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. That's an all-too-familiar scenario today. With this practical book, you'll learn the principles behind zero trust architecture, along with details necessary to implement it.
The Zero Trust Model treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile. By taking this approach, you'll focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility.
Understand how perimeter-based defenses have evolved to become the broken model we use today
Explore two case studies of zero trust in production networks on the client side (Google) and on the server side (PagerDuty)
Get example configuration for open source tools that you can use to build a zero trust network
Learn how to migrate from a perimeter-based network to a zero trust network in production
-
Organizational Bottlenecks & Shared Service Anti Patterns
Automacon 2016
As your company's Engineering team grows, and the rate of infrastructure evolution increases, it becomes increasingly apparent that it is not only your Ops team that needs to manipulate the infrastructure codebase - it's everyone! So tools are built, skills are taught, and before you know it, the infrastructure codebase is the most contentious in the whole organization. This talk chronicles PagerDuty's journey from Ops-driven evolution to distributed evolution, the pains involved and the hard lessons learned.
-
Resilient Infrastructure Orchestration with Serf
Hashiconf 2015
Infrastructure orchestration systems are a family of tools that allow dispatching commands against a set of remote hosts in a controlled (often ordered) fashion. MCollective, Fabric, Ansible, etc. are a few of them.
In this talk, Evan discusses Serf and Blender as another system orchestration tool. It was born out of our need to have a similar but network-tolerant tool (as PagerDuty maintains large, distributed clusters over WAN that can withstand network outages). Serf's masterless, gossip-style event dispatch mechanism and ability to execute handlers upon receiving events helped them to build their own tools, where Serf acts as the message dispatching mechanism and they get to implement the "what to do if this event is received" part. Currently they are using this to automate entire fleet-wide Chef runs and periodic Cassandra operations (like restores, compaction/repairs, etc.).
More activity by Evan
-
In Seattle next week? Sign up for the Workload Identity Happy Hour! Tuesday, 6pm. More info by email 🎊
Shared by Evan Gilman
-
This year at Cloud Native Security Con in Seattle, there are NINE different talks on SPIFFE and the importance of workload identity 👀 Will you be…
Shared by Evan Gilman