Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
View analytic
Friday, September 25 • 1:00pm - 1:55pm
Cipher Text Says “MIID8zCCAtugAwIBAgIBAT” - Enterprise-wide SSL Automation w/Lemur + CloudCA

Sign up or log in to save this to your schedule and see who's attending!

Cipher Text Says “MIID8zCCAtugAwIBAgIBAT” - Enterprise-wide SSL Automation w/Lemur + CloudCA
Contact - Kevin Glisson, Netflix, kglisson@netflix.com

Abstract
At Netflix Security we try our best to enable developers by removing roadblocks and providing systems with “sane” defaults that keep everyone from shooting themselves in the foot. When dealing with SSL shooting yourself in the foot particularly important; self-signed, mismanaged or otherwise weak SSL certificates undermine SSL’s main purpose of providing confidentiality between systems.

How many times have you heard fellow engineers mutter “What openssl flag did I need again? -newkey? -newKey? rsa what?!” Lemur and CloudCA together provide a solution such that making and managing SSL certificates much easier for a normal developer. In both of these systems we guide developers toward making “good decisions” while enabling them to stand up SSL on more and more of their applications. More and stronger SSL?! Win!

Lemur and CloudCA are fully integrated with AWS. Lemur allows for certificate tracking of certificates already in AWS; uploading new CAs into AWS. Lemur event supports multiple AWS accounts!

This talk will focus on how Lemur + CloudCA helps Netflix increase and manage it’s use of SSL; how they enable developers and ultimately provide better security for Netflix as a whole.

Lemur and CloudCA are planned to be open sourced in Q2 of 2015.

About Me
Avid mountain biker
Food Waster
AngularJS Hacker
Interested in:
Security Automation
Incident Response
Malware

Current
Senior Cloud Security Engineer @ Netflix
Former
Cyber Intelligence Analyst @ J.P. Morgan Chase & Co.
Computer Security Incident Responder @ J.P. Morgan Chase & Co.

Speakers
avatar for Kevin Glisson

Kevin Glisson

Senior Cloud Security Engineer, Netflix
When Kevin Glisson is not playing with security automation, new languages and python libraries he is an avid mountain biker and backpacker enjoying all parts of the Sierra's. Kevin is currently a Security Engineer at Netflix writing tools to help streamline security operations and make the cloud more approachable and secure. Kevin has previously worked on the Cyber Intelligence and Incident Response teams at J.P. Morgan Chase, working to... Read More →


Friday September 25, 2015 1:00pm - 1:55pm
Room A