BSidesSF 2020 has ended
Back To Schedule
Saturday, February 22 • 9:00am - 11:45am
If This Then Hack: An Intro to DIY Cloud Security Automation with Python

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Event locked in Sched to limit confusion, see registration to determine current session availability.
Event held offsite, location to be announced (NOT METREON!)
Registration at https://bsidessf.regfox.com/2020 REQUIRED (cannot be reserved with Sched)

Security engineers face the daily task of detection, responding, and remediating incidents in both cloud and on-premise environments. Recent high-profile breaches have highlighted that even the organizations we would expect to have fine-tuned and automated security programs often have critical blind spots. Automating your incident response and detection workflows into existing pipelines can save time and manual analyst efforts which result in faster resolution times. There are any number of vendor that will happily take your money, but we can start to build our own DIY alternative with just some artisanal Python and the tools we already have.

Our workshop will discuss the core principles of what it takes to build your own automation tools for cloud security, from detecting events to automatically remediating. We won't be using toy examples: we'll be using the security tools we have used in industry like Splunk and Jira to build realistic end-to-end automation workflows. Students in our workshop will learn how to integrate the following flow 1) Identify an event (in public cloud), 2) Produce and capture the details of the event in Splunk and create a ticket in Jira, 3) Automatically enrich this data and create the appropriate automated remediation response. These steps can be completed to eliminate manual overhead on detection in the cloud as well as proper delegation to the appropriate team (incident response team, compliance, engineering teams, or other). With the use of simple Python scripts students will learn how they can build a simple yet fundamental security automation system. 

The approach to building automation you will learn in this workshop is applicable to any kind of ticket-centric operations environment, not just security. We want to pull back on the curtain on ""security automation"" and show that it really isn't magic, it's just a bit of code in the right places.

Students should be comfortable with basic Python scripting (at a minimum, able to write functions, loops, and conditionals without consulting documentation) and should be familiar with security terminology. The student who stands to gain the most from this course is one with professional experience in security and an interest in developing new skills in applying programming to automate their work.


Moses Schwartz

Moses is a staff security engineer working on the Box Security Automation team. He's part software developer and part security researcher, with over 10 years experience in industry and government. Nothing hurts him more than watching someone do a tedious, manual task that could be... Read More →
avatar for Ashish Patel

Ashish Patel

Security Engineer, Box
Ashish Patel is a security engineer on the Box Infrastructure Security team. He usually lives in the realm of cloud security and automating security related tasks that scale across multiple clouds & attack surfaces. 

avatar for HashiCorp



Saturday February 22, 2020 9:00am - 11:45am PST
Terraform HashiCorp SF Office 101 2nd St #700, San Francisco, CA 94105

Attendees (1)