Rootconf 2018

Rootconf 2018

On scaling infrastructure and operations

About Rootconf 2018 and who should attend:

Rootconf is India’s best conference on DevOps, SRE and IT infrastructure. Rootconf attracts systems and operations engineers to share real-world knowledge about building reliable systems.

The 2018 edition is a single track conference. Day 1 – 10 May – features talks on security. Colin Charles (chief evangelist at Percona Foundation), Pukhraj Singh (former national cybersecurity manager at UIDAI), Shamim Reza (open source enthusiast), Alisha Gurung (network engineer at Bhutan Telecom) and Derick Thomas (former network engineer at VSNL and Airtel Bharti) will touch on important aspects of infrastructure, database, network and enterprise security.

Day 2 – 11 May – is filled with case studies and stories about legacy code, immutable infrastructure, root-cause analysis, handling dependencies and monitoring. Talks from Exotel, Kayako, Intuit, Helpshift, Digital Ocean, among others, will help you evaluate DevOps tools and architecture patterns.

If you are a:

  1. DevOps programmer
  2. Systems engineer
  3. Architect
  4. VP of engineering
  5. IT manager

you should attend Rootconf.

Birds Of Feather (BOF) sessions at Rootconf 2018 will cover the following topics:

  1. DevSec Ops
  2. Microservices - tooling, architecture, costs and culture
  3. Mistakes that startups make when planning infrastructure
  4. Handling technical debt
  5. How to plan a container strategy for your organization
  6. Evaluating AWS for scale
  7. Future of DevOps

Rootconf is a conference for practitioners, by practitioners.

The call for proposals is closed. If you are interested in speaking at Rootconf events in 2018, submit a proposal here: rootconf.talkfunnel.com/rootconf-round-the-year-2018/

Venue:

NIMHANS Convention Centre, Lakkasandra, Hombegowda Nagar, Bengaluru, Karnataka 560029.

Schedule, event details and tickets: https://rootconf.in/2018

For more information about Rootconf, sponsorships, outstation events, contact support@hasgeek.com or call 7676332020.

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Pukhraj Singh

@bhujang

Death of enterprise security: introduction to abstraction and machine-to-machine orchestration

Submitted Mar 27, 2018

The enterprise security architecture is dying by a thousand cuts. The commercial security product landscape remains too fragmented, creating intelligence siloes within an organisation which the attackers wade through with ease and elegance.

The internet has always been driven by standards with commercial applications being an afterthought, whereas in cybersecurity it has been the opposite. Such is the state of affairs in this industry that the contemporary security architecture itself has been weaponized and become completely divergent from the threat. No reason, even after 25 years, we are still running an anti-virus. This is an existential reckoning not only for organisations but for nation states as well; and we are not even touching upon the geopolitics of the situation. There’s no corporate or government in cyber – they are joined to the hip.

The older models, which heavily focused on detection, have given way to new paradigms of response and mitigation with an emphasis on sharing and collaboration. Rounding off situational awareness from human to machine speed is also on the horizon.

This talk will discuss some aspects of that. The evolution of machine-to-machine orchestration standards like Open Command-&-Control (OpenC2) and Structured Threat Information Exchange (STIX) is a case in point. The rise of Information Sharing & Analysis Centres (ISACs) in the United States also heralds a new approach towards cyber defence. So is the increasing adoption of open source security automation stacks like Apache Metron and Apache Spot which challenges the hegemony of horrible monstrosities called the Security Incident & Event Management (SIEMs).

We would visit the case studies and practical applications of these emerging frameworks, which hint at a broader churn within the domain.

Outline

This talk will cover:

  1. The silos within the enterprise security architecture

  2. We are divergent from the threat

  3. Introduction to STIX-TAXII

  4. Introduction to OpenC2

  5. Introduction to Apache Metron and Apache Spot

  6. Case studies

Speaker bio

Pukhraj Singh is the Director of Bhujang – a cyber intelligence analytics venture creating indigenous technical enablers for securing national cyberspace and critical infrastructure.

Bhujang is backed by decorated national security functionaries, with Vice Admiral DSP Varma (retd.) – the former Director General of the Indian nuclear submarine programme – acting as its Chairman.

Pukhraj had earlier played an instrumental role in setting up the cyber-warfare operations centre of the Indian Government.

He was laterally inducted into the Government from the private sector at a very short notice after the 26/11 attacks. It was a multi-disciplinary tenure, ranging from geopolitical doctrine formulation, eventually approved by the Prime Minister, to the very brass tacks of cyber operations.

Later, he spent some time at Aadhaar, India’s flagship social security project as the national cybersecurity manager.

Pukhraj also had very brief stints in the private sector, working with Symantec’s DeepSight Threat Intelligence Team – industry’s first threat intelligence platform – and other innovative American, Canadian and Israeli firms.

He has spoken at a variety of national security forums and hacking conferences.

Slides

https://www.slideshare.net/pukhraj/the-death-of-enterprise-security-as-we-know-it-pukhraj-singh-rootconf-2018/

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more