Evan Gilman

San Francisco, California, United States


Experience & Education

  • SPIRL


Publications

  • Zero Trust: Building Systems in Untrusted Networks (Talk)

    USENIX Association

    Let's face it - the perimeter-based architecture has failed us. Today's attack vectors can easily defeat expensive stateful firewalls and evade IDS systems. Perhaps even worse, perimeters trick people into believing that the network behind it is somehow "safe", despite the fact that chances are overwhelmingly high that at least one device on that network is already compromised.

    It is time to consider an alternative approach. Zero Trust is a new security model, one which considers all parts of the network to be equally untrusted. Taking this stance dramatically changes the way we implement security systems. For instance, how useful is a perimeter firewall if the networks on either side are equally untrusted? What is your VPN protecting if the network you're dialing into is untrusted? The Zero Trust architecture is very different indeed.

    In this talk, we'll go over the Zero Trust model itself, why it is so important, what a Zero Trust network looks like, and what components are required in order to actually meet the challenge.

  • Zero Trust Networks: Building Systems in Untrusted Networks (Book)

    O'Reilly Media

    The perimeter defenses guarding your network perhaps are not as secure as you think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. That’s an all-too-familiar scenario today. With this practical book, you’ll learn the principles behind zero trust architecture, along with details necessary to implement it.

    The Zero Trust Model treats all hosts as if they’re internet-facing, and considers the entire network to be compromised and hostile. By taking this approach, you’ll focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility.

    Understand how perimeter-based defenses have evolved to become the broken model we use today
    Explore two case studies of zero trust in production networks on the client side (Google) and on the server side (PagerDuty)
    Get example configuration for open source tools that you can use to build a zero trust network
    Learn how to migrate from a perimeter-based network to a zero trust network in production

  • Organizational Bottlenecks & Shared Service Anti Patterns

    Automacon 2016

    As your company's Engineering team grows, and the rate of infrastructure evolution increases, it becomes increasingly apparent that it is not only your Ops team that needs to manipulate the infrastructure codebase - it's everyone! So tools are built, skills are taught, and before you know it, the infrastructure codebase is the most contentious in the whole organization. This talk chronicles PagerDuty's journey from Ops-driven evolution to distributed evolution, the pains involved and the hard lessons learned.

  • Resilient Infrastructure Orchestration with Serf

    Hashiconf 2015

    Infrastructure orchestration systems are a family of tools that dispatch commands against a set of remote hosts in a controlled (often ordered) fashion; MCollective, Fabric and Ansible are a few examples.

    In this talk, Evan discusses Serf and Blender as another system orchestration tool. It was born out of PagerDuty's need for a similar but network-tolerant tool, since PagerDuty maintains large, distributed clusters over WAN links that must withstand network outages. Serf's masterless, gossip-style event dispatch mechanism and its ability to execute handlers upon receiving events let PagerDuty build its own tooling, in which Serf acts as the message-dispatching mechanism and PagerDuty implements the "what to do when this event is received" part. PagerDuty currently uses this to automate fleet-wide Chef runs and periodic Cassandra operations (restores, compaction, repairs, etc.).

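    The "what to do when this event is received" part the abstract describes is a handler script that the serf agent runs with SERF_EVENT (and, for user events, SERF_USER_EVENT) in the environment and the event payload on stdin. The script below is an added illustration, not code from the talk or from PagerDuty: the event names "chef-run" and "cassandra-repair", the allowed Chef environments and the keyspace pattern are all assumed for the example. The security point it makes is that any node that can speak to the gossip cluster can fire a user event, so a handler must treat the payload as untrusted input and the agent should run with gossip encryption enabled.

```shell
#!/bin/sh
# Added example of a Serf event handler (not PagerDuty's code).
# Wire it up with something like:
#   serf agent -event-handler=/usr/local/bin/serf-handler.sh -encrypt="$(serf keygen)"
# Serf sets SERF_EVENT (member-join, member-leave, member-failed, user, query, ...)
# and, for "serf event <name> <payload>", SERF_USER_EVENT=<name> with the
# payload on stdin. Event names and accepted values below are assumptions.

# decide_action EVENT USER_EVENT PAYLOAD
# Prints the command to run, or "ignore". Pure function so it can be tested.
decide_action() {
  event="$1"; user_event="$2"; payload="$3"
  case "$event" in
    member-join|member-leave|member-failed)
      # Membership changed: regenerate local config (e.g. seed lists).
      echo "refresh-membership" ;;
    user)
      case "$user_event" in
        chef-run)
          # Payload is untrusted: only accept a known Chef environment.
          case "$payload" in
            production|staging) echo "chef-client --environment $payload" ;;
            *) echo "ignore" ;;
          esac ;;
        cassandra-repair)
          # Restrict the keyspace to a safe character set before it
          # reaches a shell command line.
          if printf '%s' "$payload" | grep -Eq '^[A-Za-z0-9_]{1,48}$'; then
            echo "nodetool repair $payload"
          else
            echo "ignore"
          fi ;;
        *) echo "ignore" ;;
      esac ;;
    *) echo "ignore" ;;
  esac
}

# Entry point when the serf agent invokes this script. Guarded by SERF_EVENT
# so that sourcing the file (e.g. for tests) runs nothing.
if [ "${SERF_EVENT:-}" != "" ]; then
  payload=$(cat)
  action=$(decide_action "$SERF_EVENT" "${SERF_USER_EVENT:-}" "$payload")
  if [ "$action" != "ignore" ]; then
    logger -t serf-handler "event=$SERF_EVENT user_event=${SERF_USER_EVENT:-} action=$action"
    # Word-splitting is intentional: every action string is built only from
    # fixed words and values that passed the allow-list above.
    # shellcheck disable=SC2086
    $action
  fi
fi
```

    Fire an event from any member with `serf event chef-run production`; the handler on every node either runs the validated command or logs nothing and exits. Without `-encrypt`, gossip traffic is cleartext and unauthenticated, so the allow-list in the handler is the only thing standing between a spoofed event and a command executing as the agent's user.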
