t

Track Overview:Security

19 - 21 OctoberSan Diego

A Year in Open Source Automated Compliance With Puppet

This session will provide the attendee with a look at what the SIMP project has achieved since its debut at PuppetConf 2015. Topic covered will include a brief overview of the SIMP project, the creation of a public community, new features, the automated CI process, code level attestation of Puppet parameters to Policy, lessons learned, and a glimpse of the future.

2

Thursday, October 20 | 1:30 pm

Trevor VaughanVP Engineering, Onyx Point, Inc.

Security

Security Roadmap: How We Are Helping You When Everything is Burning

This talk will be a walk thru of the puppet security roadmap, where Puppet fits in the world of Security and the world of Compliance. Including, identifying what is burning, how to catch things before they burn, and why these features fit in with defining and aligning security with a DevOps approach. Additionally, we will do a demo and walk thru of what we have done to date. This will span things like our Corrective Change feature to PQL.

3

Thursday, October 20 | 2:30 pm

Verne Lindner

Beth CornilsSr. Product Manager, Puppet

UX Designer, Puppet

Security

Nice and Secure: Good OpSec Hygiene With Puppet!

Puppet is a great first step to making your environment more secure. Evolving your system setup into infrastructure as code allows a clear audit trail and more inspection of your current state, allowing you to shine a light on any problem areas in your estate. But how do we make sure our Puppet setup doesn't make things less secure whilst making it easier to automate? We're going to talk about:

4

Thursday, October 20 | 4:45 pm

Professional Services Engineer, PuppetPeter Souter

Security

● Making sure security is part of your workflow, rather than an afterthought.

● Best practise with hardening your Puppet architecture.● Secrets management with the Puppet toolchain.● Keeping your code clear of plaintext passwords.

Using HashiCorp's Vault With Puppet

One common challenge organizations often face when adopting secret management solutions like Vault into their infrastructure is how to fetch secrets from Vault using a configuration management tool like Puppet. In addition to providing a high-level overview of Vault and Vault's architecture, this example-driven talk details a few techniques for retrieving secrets from Vault using Puppet by bridging the gap between runtime and build time data. Join me on an adventure as we move our secrets from Hiera to Vault.

5

Friday, October 21 | 11:15 am

Seth VargoDirector of Evangelism, HashiCorp

Security

Puppet as Security Tooling

As a Puppet user, you know the value of Puppet for configuration management, deployment, and delivery of your applications. What you may not know is that it is also a powerful tool for securing your environment and for meeting your compliance and auditing needs. In this session you’ll see how Puppet can provide policy enforcement, help monitor compliance requirements, and help with fast response to security issues. I’ll speak about my experience running a small security program using Puppet and provide you guidance about where to look to make wins for your organization.

6

Friday, October 21 | 2:30 pm

Bill WeissManager of SysOps, Puppet

Security

How You Actually Get Hacked

One common challenge organizations often face when adopting secret management solutions like Vault into their infrastructure is how to fetch secrets from Vault using a configuration management tool like Puppet. In addition to providing a high-level overview of Vault and Vault's architecture, this example-driven talk details a few techniques for retrieving secrets from Vault using Puppet by bridging the gap between runtime and build time data. Join me on an adventure as we move our secrets from Hiera to Vault.

7

Friday, October 21 | 3:45 pm

Ben HughesSecurity Engineer, Etsy

Security

Want to explore more PuppetConf sessions? View our full agenda and other tracks at puppet.com/puppetconf

t

Security:Speakers

19 - 21 OctoberSan Diego

Trevor VaughanVP Engineering, Onyx Point, Inc.

Trevor is a co-founder of Onyx Point, Inc. and has been using Puppet since 0.24 to automate pretty much everything. He is the organizer of the Baltimore Puppet Users Group and a voracious Open Source supporter. He is also the technical lead for the SIMP project, released by the National Security Agency, to improve the availability of compliant managed platforms to the systems management industry.

Beth CornilsSr. Product Manager, Puppet

Beth Cornils is a product manager for Insights and Visibility, Security, and PuppetDB. She's spent the last 2 years at Puppet learning about why sysadmins and security people do what they do. Turns out, Developers, Operations, and Security people have different motivators. Who knew! Most important lesson learned from Ops this year, no one cares about my feature the way I do. They only care how much glue is needed to make it work. Opservations, they keep me honest.

Verne LindnerUX Designer, Puppet

Verne Lindner is part of the user experience team at Puppet. As part of her team, she has designed change reporting tools for PE's graphical user interface, as well as the GUI's node graph. She is currently working on aggregate and historical reporting tools for Puppet-managed systems.

Peter SouterProfessional Services Engineer, Puppet

Peter is a Professional Services Engineer at Puppet, and has been helping people on their first steps on their DevOps journey for over 5 years. He's been tinkering with Puppet since 2.7, and finds that listening to Bonobo increases his work output 50%.

Seth VargoDirector of Evangelism, HashiCorp

Seth Vargo is the Director of Evangelism at HashiCorp. Previously, Seth worked at Chef (Opscode), CustomInk, and a few Pittsburgh-based startups. He the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on open source, or speaking at conferences, Seth enjoys spending time with his friends and advising non-profits. He loves all things bacon.

Bill WeissManager of SysOps, Puppet

As a red-and-blue-team member turned sysadmin herder, Bill Weiss had an early introduction to automation in security, and he's spent the rest of his career trying to bring that idea to more places. He started out working in the .gov, moved to Chicago to spend several years at a financial services SaaS, and finally made it to Portland in 2015 to join Puppet as the Manager of SysOps, which he thinks is a way better term than “sysadmin.”

Ben HughesSecurity Engineer, Etsy

"Don't call it a comeback, I've been here for years" Ben maintains he's an information security professional with over 15 long hard years and tens of shell accounts of experience. He's previously worked as an operations engineer for Puppet Labs, (yes that long ago, hence the comeback). He's also worked at global Fortune 500 companies, down to small startups on key areas of security, networking and infrastructure. He's spoken all over the world, in any city that has good third wave coffee, on topics relating to DevOps and all it entails, intrusion detection, buzzword conscious Docker, and why curl piped to sudo bash is the worst. He also does a mean She-Ra impersonation.

t

Get on the path to a better futureJoin us 19-21 October in San Diego

Register now

Summer Savings: Save $240 until 15 September

puppetconf.com