DAY 2, OCTOBER 19
11:00 - 11:45
DEVOPS STREAM А
ABOUT THE SPEAKER
Starting a life-long fascination with managing resilience and risk in large-scale dynamic systems with clever engineering, Eugene wrote code that managed survival of millions of lives 24/7 (although, these were bacterias in a lab tank, and code ran on tank environment controller) at the age of 16, started career as an ISP engineer a few years later, and spent over 18 years building, operating, and lately supervising the development of large-scale systems in banking and finance, govtech, broadcast, agriculture and information security.
In his duty as CTO at Cossack Labs, vendor of data security products and solutions, Eugene is responsible for managing development of open-source and enterprise data security solutions for protecting the data in large distributed systems.
Eugene’s life-long interests blend between technical security, reliability engineering, and the way humans make decisions, assess risk and create mess in complex technical environments.
SPEECH: Designing secure architectures, the modern way
Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to cost-efficient systems that are prone to unexpected failures and attack chaining.
Instead, taking security into account on architecture design phase, learning to accept and manage security risks appropriately on each level of systems design and implementation, typically results in resilient systems that can fail to update a small component – but that barely matters, because the risk is well-managed.
This talk will try to cross the bridge between modern DevOps/SRE practices, systems architecture design and traditional security/risk management. It is driven by lessons learnt from building systems the modern way in high-risk environments with high reliability and security demands, drawing from experience of protecting governmental secrets, critical infrastructure and preventing banking fraud at scale.