Campfire Talk: So My Credentials have been Leaked…Now What? – Dwayne McDaniel
October 20 @ 11:45 am
Presented by: Dwayne McDaniel
While we can hope our passwords, API Keys, and certificates are secure and private, hope is not a strategy. Sometimes our credentials become published in a log, source code, or some other source a malicious actor can access. In the best-case scenario, you find out immediately and can work to fix the issue without impacting any other systems or teams. In the more likely worst-case scenario, you have to go through some painful conversations and take significant time away from pushing customer delighting code to deal with a pretty scary circumstance.
Credential leakage is such a terrifying topic, at least in part, due to the paralysis of not knowing what to do, or where to start the conversation. In mature organizations, security teams might have protocols and email addresses in place to escalate these situations. In many organizations, you might be starting from scratch.
This session will look at how to deal with credential leaks from detection through closing the final related ticket the incident generated. We will look at topics such as validation of secrets, scoping impact, assembling the right players, to how to offload tribal knowledge with tools like notebooks and playbooks. We will also look at preventing future leaks with some open source tools and non-intrusive workflow adjustments.
Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.