Protecting Duo without Duo

Operations at Duo, perhaps not surprisingly, are very security focused. However, we can't use our own products to protect our servers because if Duo is down we wouldn't be able to access our systems to get things back up. As a result, we can talk about securing your infrastructure in a way that's guaranteed to not be a vendor pitch!

We'll start out covering how to secure your infrastructure in operations-friendly way with frameworks like threat modeling, prioritizing infinite security backlogs, and compensating controls. The second half of the talk will walk through the lowest effort / highest impact infrastructure security projects Duo has done.

At the end of the talk, the audience should have some ideas for how to start improving their infrastructure security as well as asses new threats and prioritize remediation.



Zach Steindler

Zach has helped out with many meetups and events in Ann Arbor over the years. He's co-founded meetups (CoffeeHouseCoders) and companies (Olark). When he isn't working he enjoys camping and biking, ...