Rootconf 2019

On infrastructure security, DevOps and distributed systems.

About Rootconf 2019:

The seventh edition of Rootconf is a two-track conference with:

  1. Security talks and tutorials in audi 1 and 2 on 21 June.
  2. Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.

Topics and schedule:

View full schedule here: https://hasgeek.com/rootconf/2019/schedule

Rootconf 2019 includes talks and Birds of a Feather (BOF) sessions on:

  1. OSINT and its applications
  2. Key management, encryption and its costs
  3. Running a bug bounty programme in your organization
  4. PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
  5. Vitess
  6. SRE and running distributed teams
  7. Routing security
  8. Log analytics
  9. Enabling SRE via automated feedback loops
  10. Tor for DevOps

Who should attend Rootconf?

  1. DevOps programmers
  2. DevOps leads
  3. Systems engineers
  4. Infrastructure security professionals and experts
  5. DevSecOps teams
  6. Cloud service providers
  7. Companies with heavy cloud usage
  8. Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc.
  9. Organizations dealing with large network systems where data must be protected
  10. VPs of engineering
  11. Engineering managers looking to optimize infrastructure and teams

For information about Rootconf and bulk ticket purchases, contact info@hasgeek.com or call 7676332020. Only community sponsorships are available.

Rootconf 2019 sponsors:

Platinum Sponsor

CRED

Gold Sponsors

Atlassian, Endurance, Trusting Social

Silver Sponsors

DigitalOcean, GO-JEK, Paytm

Bronze Sponsors

MySQL, Sumo Logic, UpCloud, Platform.sh, nilenso, CloudSEK

Exhibition Sponsor

FreeBSD Foundation

Community Sponsors

Ansible, PlanetScale

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from an infrastructure defence perspective).

Shadab Siddiqui

@shadsidd

Devil lies in the details: running a successful bug bounty programme in your organization

Submitted Jun 6, 2019

The aim is to help everyone understand the two sides of a bug bounty or vulnerability research programme. Everyone gets a walkthrough of how glamorous one side is for a bug bounty hunter, with all the fancy rewards and recognition, at a time when a bug bounty profile is the equivalent of a developer’s GitHub profile on a CV, and of how hard it is for an organization to decide whether or not to have a programme like this at all.
Finding the way forward is hard, as having one has its own problems and not having one has its own repercussions. The talk also gives a glimpse into the challenges that pop up while going down the path of having one, from aligning different teams (finance, legal, PR, engineering, etc.) across the organization. In a nutshell, the aim is to deliver on what points to consider in the timeline of an organization for having a bug bounty programme, and to understand its pros and cons.

Outline

The agenda of this talk is to give a glimpse into the actual world of bug bounty, not just what we read in the news. These are some of the points of discussion to paint a complete picture for the audience:

- Introduction and benefits of having a bug bounty programme
- Discussion of whether it makes sense to have a bug bounty programme, or whether we can live without it
- What take leadership has on bug bounty: their concerns and expectations
- What could go wrong if we don’t even bother
- When is the right time in the timeline of an organization to open a connection with security researchers
- What kind of organizations need such a programme, and how do we decide it for a non-IT organization
- What platform makes sense? Should we buy or build our own?
- What problems pop up while building a platform vs. the drawbacks of signing up on a platform
- What processes need to be put in place across the organization to have a successful one
- What is the bare minimum automation we need in order to scale up to all the bugs we receive
- How different teams react to it: the legal team (policies), finance team, PR team, etc.
- What logistical problems show up towards the launch
- Dos and don’ts of a bug bounty programme
- My take on what it takes to run a successful bug bounty programme

Speaker bio

Shadab has led Black Ops teams err.. Information Security teams as a specialist with unicorns like Ola and Flipkart and large-scale Internet firms like Adobe. An engineer at heart with out-of-the-box thinking.
He has good hands-on experience in e-commerce, payment gateways, mobile security, logistics products, digital signing, container/infra security and plugging security into the SDLC, to name a few.
He has bootstrapped security engineering teams from scratch multiple times. He has experience in building security automation, building real-time detection of attack anomalies, evangelizing security, compliance, cryptography and making sure product security is kept the tallest.

Currently, he heads Information security, Privacy and Trust @Hotstar

Slides

https://docs.google.com/presentation/d/1stD4eHdtosbeBAee8FNBIYotNHxJJINGzCd1VvVgTEg
