BSidesNcl 2021 Red Teaming AWS: Practice What You Preach Josh Armitage

Culture is defined through action not words. Learn how we built an enduring security focused culture at a Cloud Native consultancy through a surprise red team event. See how we created a company myth that is still the beating heart of the security practice, driving continuous improvement. Building a culture of security is a journey that never ends, but this is a story of how one started. In a previous life working at a Cloud Native consultancy, we were experts on software delivery, but security was a skillset we rapidly needed to grow and cultivate. To that end we conducted a surprise red team exercise targetting our AWS environment, by: Planning a fake company day and making an unanounced assault on our infrastructure Tapping communication lines so we could maintain a steady level of challenge Driving all actions through our most junior members And having a lot of fun Learn how we built an enduring security culture that continues to grow and mature, and has become part of the company folklore. Culture is shaped through action not rhetoric, and if you want truly unlock DevSecOps there are few ways better than this.