AWS reInvent, Thursday
Again, I’m not going to blog the keynote as it’ll be covered elsewhere. Because the event is so huge, I watched it via videolink from the Venetian instead of going to see it in person at the MGM (which is where I was staying) as I wouldn’t have been able to get back up to the Venetian in time for the next talk!
Security Best Practices
Talk by AWS’ CISO, Stephen Schmidt
Security is a key priority at AWS. The CEO meets CISO for an hour a week, every week. That’s a lot of CEO commitment. Even more commitment: to get buy in from all across the organisation, after any security event the business owner (not the security team) gets to have a meeting with the CEO to explain what happened. “This drives change in the business” — I bet it does!
The talk then moved to recruitment. For security staff, AWS are looking for high technical standards but just as important are the soft skills:
They need security to be a partner to developers so infosec mustn’t be the people that say no and like staff to understands what it’s like to build a service.
They even do “how’s my driving” reviews for infosec. E.g. After an AppSec review the internal customer gives feedback on how the experience was. The use this data to constantly improve focus and drive change.
As with other parts of AWS, there’s an emphasis on making decisions quickly — only wait for 80% of the data before making a decision and escalate early. Senior leaders meet quickly and often and pull in lead engineers as required.
The closing thoughts were interesting. Amazon’s leadership principles included “Dive deep”, so there’s an emphasis on understanding in detail what actually happens in the organisation. The CISO was hanging security cameras for reInvent!
Key items:
Expo and The Quad
Those two sessions took up the whole morning. After lunch it was time to visit the Expo, meet with some of our suppliers and then my favourite thing of the conference: The Quad.
This showcased projects built by individuals in their own time plus the amazing Lego ball mover
NASA’s JPL were showing off their “build your own Curiosity Rover” aimed at schools
but one guy had just built his own with integrated image recognition, speech input and vision. I lost track of how many computers it had, but I think 4 or 5 rPis and a couple of Ardunios, all connected via a message bus running on one of the Pis
Another two people had written a system hooked up to Alexa that predicted flight delays. It took speech as input and then gave back a delay time using ML based on public delay data from the last 35 years.
Since it’s an Alexa system, it’s not as cool looking as the robots, but it did have a nice architecture diagram
and a very basic UI :)
Finally there was the most mad flight sim ever, also cloud connected
I didn’t get to go on it, but I think it gives you instructions on how not to crash via voice.
