ISSA Central MD Chapter Meeting Presentation: 2018-09-26-Meeting-Presentation.pdf

Speaker Presentation: 

Speaker: Conrad Fernandes – Johns Hopkins – Applied Physics Laboratory (APL)

Conrad Fernandes is a long time cyber security engineer and architect, with various security certifications (CISSP, GIAC FA, Certified AWS Solutions Architect and Security Specialist, among others) and has worked extensively with US Defense agencies and the DoD since the early 2000’s while at Booz Allen Hamilton. Conrad currently serves as a senior cyber security engineer at the Johns Hopkins Applied Physics Laboratory (APL), where he leads security and governance practices on emerging cloud technologies, including commercial and US GovCloud (e.g., Amazon web services) and Hadoop-based data science platforms from Cloudera and Hortonworks. Conrad recently presented strategies for “Incident Response and Spillage Handling in AWS” at Amazon’s Public Sector Summit and re:Invent Conference. Additionally, Conrad has been researching and implementing security and audit logging and monitoring strategies on data science platforms at Johns Hopkins Medical Institute (JHMI) that utilize various emerging services from Hortonworks Data Platform (HDP) distributions and the collection and correlation of security audit events via Splunk. Conrad also enjoys sharing security best-practices and lessons-learned from the experiences with the larger cloud and big-data communities.

Topic: AWS Security: Central Logging Techniques for Multiple Accounts, and Automating via Cloud Formation Templates

Logging of essential Amazon services, such as Cloudtrail and VPC flow logs, is essential for security and compliance and governance, whether HIPAA, FISMA, PCI and several other regulatory bodies. In this session we will go over the key concepts in detail — such as setting up a central account for managing and retaining log events, by any number of governed (source) accounts;  and the setup for the source accounts to send their respective logs to the centrally managed account.  Since working with multiple accounts can become an issue with scaling and consistency and human errors if the setup was done manually, we will go over better methods using cloud formation templates that help tremendously in that regard by automating the setup!  Last but not least, we will also cover best practices – including codifying in the templates – that will account for any type of Amazon unclassified account – which includes the commercial regions as well as the GovCloud (US) regions.