Finding a Scalable Way to Stop Attackers
Blog post from PagerDuty
Evan Gilman, an operations engineer at PagerDuty, emphasized the critical importance of robust security practices in a recent talk at a meetup held at PagerDuty HQ. He described the challenges of maintaining security in both small and large organizations and stressed the need for a scalable approach to fending off persistent attackers.

Advocating a "secure by default" mindset, Evan called for stringent security checks and for protecting all data, even logs, on the assumption that the network is always hostile, particularly in cloud settings. He recommended encrypting all network traffic at the transport layer and sanitizing outbound data to protect against provider vulnerabilities.

Automation plays a key role in Gilman's strategy: security policy is distributed as a centralized ruleset that individual nodes enforce locally, with role-based access controls as the example. Monitoring and responsive alerting are equally crucial; PagerDuty tracks the level of encryption in use and relies on host-based intrusion detection systems (HIDS) because its distributed infrastructure has no virtual private cloud (VPC) to fall back on.

Concluding with a call to action, Gilman urged the audience to begin implementing security measures immediately, to limit technical debt and address existing vulnerabilities.
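One way to realise the centralized-ruleset idea above, as an added example that is not from the talk or from PagerDuty's own tooling: a central role-based policy and host inventory (all roles, ports and addresses are constructed placeholders) that each node validates and compiles into its own default-deny allow-list.

```python
# Central ruleset (constructed): for each destination role, which source
# roles may reach which TCP ports. Anything not listed is denied.
POLICY = {
    "lb":  [{"from": "internet", "port": 443}],
    "app": [{"from": "lb", "port": 8443}],
    "db":  [{"from": "app", "port": 5432}],
}

# Central inventory (constructed): which hosts currently hold which role.
INVENTORY = {
    "lb": ["10.0.0.5"],
    "app": ["10.0.1.10", "10.0.1.11"],
    "db": ["10.0.2.20"],
}

def validate_policy(policy, inventory):
    """Reject rules that name unknown roles, so a typo cannot widen access."""
    known = set(inventory) | {"internet"}
    errors = []
    for role, rules in policy.items():
        if role not in inventory:
            errors.append(f"unknown destination role {role!r}")
        for rule in rules:
            if rule["from"] not in known:
                errors.append(f"{role}: unknown source role {rule['from']!r}")
    return errors

def compile_local_rules(role, policy, inventory):
    """Expand the central policy into (source_cidr, port) pairs for one node."""
    allow = []
    for rule in policy.get(role, []):  # unknown role -> empty list -> deny all
        sources = (["0.0.0.0/0"] if rule["from"] == "internet"
                   else [f"{h}/32" for h in inventory[rule["from"]]])
        allow.extend((src, rule["port"]) for src in sources)
    return allow

def is_allowed(role, src_ip, port, policy, inventory):
    """Local decision for one inbound flow; unlisted flows fall to the default deny."""
    allow = set(compile_local_rules(role, policy, inventory))
    return (f"{src_ip}/32", port) in allow or ("0.0.0.0/0", port) in allow

def render_iptables(role, policy, inventory):
    """Render the node's allow-list as iptables commands with a DROP default."""
    lines = ["iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for src, port in compile_local_rules(role, policy, inventory):
        lines.append(f"iptables -A INPUT -p tcp -s {src} --dport {port} -j ACCEPT")
    lines.append("iptables -P INPUT DROP")
    return lines
```

Each node only needs its own role plus the current ruleset and inventory, so the policy can be versioned and pushed centrally while enforcement stays local.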