I prefer to organize conferences than be in them, but every so often I write a talk.
Some things I’ve made mostly for work but also play:
- Authkeys - An LDAP authorizedKeysCommand provider (blog post)
- Deputize - Manages your on-call’s access to resources, automatically (blog post)
- gelfbeat - Takes in UDP-based GELF formatted UDP traffic and packages it up into the beats format
- mrmanager - Takes dynamic credentials from Vault and puts them into the right place on disk
- onair - Controls an IP light when you’re on a video or audio call
- pipefitter - Manages IP target groups in multiple regions and VPC Endpoint Principal Allowlists
- Trash Taxi - Terminates instances that people have run manual commands on (blog post, website)
- ts - a CLI tool for the Threat Stack API
- VPNNotify - Sends you a slack DM when you start an OpenVPN session (blog post)
2019-10-28: Usenix LISA19 Program Co-Chair - LISA has been around for a long time - about 31 years. Is System Administration relevant in 2019? Sure is - we just call it a bunch of different things now. I worked with Mike Rembetsy to build a systems conference worthy of the 💯 emoji.
2019-08-07 BlackHat 2019 has an Arsenal track, and I demoed a new tool I wrote at Threat Stack called Trash Taxi. It manages instance lifecycle for EC2 instances that have had manual commands run on them.
2019-03-18: MIT Lincoln Laboratory had a workshop on Understanding Mission Driven Resiliency. This was a day-long workshop to bring government officials and industry folks together to chat about resiliency in the context of cybersecurity, and the barriers that exist at the government level that contribute to brittle systems as delivered. The workshop also touched on some geopolitical factors, which was interesting as well.
2019-03-13: Threat Stack, CHAOSSEARCH and Logz.io had an evening meetup and once again I did the Securing a Security Company talk. This was a well run event and Sarah Wills, Pete Cheslock, and Quintessance Anx (listed by org) did a nice job of putting it all together.
2018-10-29: At LISA18 I did my Securing a Security Company talk, and was on a last minute panel about DevSecOps. My talk is available on the site, but it’s my least favorite run of it. Funny story: I started getting super sick the night before and gave the talk with a stomach bug anyways, so keep that in mind if you watch it 🤣. I was on the program committee for LISA18 as well.
2018-07-25: Talked at Boston DevOps about Securing a Security Company. This was the first run of this talk. In short, we build a lot of our own tooling - as much as we have time to allow for - to make security easier. Living the DevSecOps dream, one day at a time.
2018-02-11: I got annoyed with OpenSSL commands, and made a website to help generate CSRs using OpenSSL, if you need that kind of thing.
2017-05-15: I had the pleasure of spending a couple of days at what is now Oslo Metropolitan University, where I gave a guest lecture to students about the intersection of Security and Operations. On another day I gave a talk to faculty about the challenges involved in running OpenStack and why Joyent’s SmartDataCenter was a bit easier to run for a small research organization.
2015-11-08: I presented my masters project at LISA15, which was a way to set up some containers to be used as on-demand bastion hosts. That work was called Spyglass and the talk is pretty short too! Spyglass was the last paper presented at LISA.
2014-02-25: I gave my first talk 🎉 at Utah State University’s Partners in Business conference. It was a while ago, but the talk was something about bringing IT to the table and making them business enablers, and I was on a panel about security too. I remember meeting David Thaw and Branson Matheson there, and also being super nervous. A huge thanks to Nicole Forsgren for the opportunity!
2013-11-08: I was a LISA13 program committee member, looking for talks and papers.
29b8382 @ 2020-08-05