Operations at Duo, perhaps not surprisingly, are very security focused. However, we can't use our own products to protect our servers because if Duo is down we wouldn't be able to access our systems to get things back up. As a result, we can talk about securing your infrastructure in a way that's guaranteed to not be a vendor pitch!
We'll start out covering how to secure your infrastructure in operations-friendly way with frameworks like threat modeling, prioritizing infinite security backlogs, and compensating controls. The second half of the talk will walk through the lowest effort / highest impact infrastructure security projects Duo has done.
At the end of the talk, the audience should have some ideas for how to start improving their infrastructure security as well as asses new threats and prioritize remediation.