Save the Date: Defense in Depth 2016

The Defense in Depth Workshop brings Red Hat Security Engineering leads to McLean, VA for a day of collaboration and networking. It’s a chance for you to learn about the latest developments (upstream and enterprise) directly from the developers, and for Red Hat engineering to hear directly from you and better understand the challenges you’re facing. Defense in Depth 2016 incorporates briefing tracks led by Federal agencies leading the way in secure innovation.

Defense in Depth 2016 will be held Thursday October 6 in Tysons Corner, VA. An outline of the agenda, registration, and logistics info can be found on the workshop homepage:
Thursday October 6, 2016
Tysons Corner Marriott
8028 Leesburg Pike
Tysons Corner, VA 22182

In 2013, a few Red Hat engineers wanted to host a security-focused technology workshop. We felt there was a need for hands-on practitioners to have a workshop where the speakers were Red Hat developers, not marketing or sales. Red Hat Engineering also wanted to receive feedback directly from customers on the current state of technologies and the roadmap. Over the past few years, members of the DoD/Civ/IC agencies and system integrators have attended the Defense in Depth workshop to learn and share practices used in securing their infrastructures.

Defense in Depth blends hands-on labs with presentations. A sampling of confirmed sessions to give you an idea of the kinds of content to expect this year:

– LT Hinke (USN), of the Container Management System at the National Reconnaissance Office (NRO), will speak about how NRO is building a private PaaS with OpenShift. What makes this not “another OpenShift story” is how they’re working to embed security automation into their CI/CD pipeline. As developers push code, a series of security unit tests is performed. Should everything pass, code is directly pushed to production. No delays while security comes in to run manual scans, check configs, etc. Come hear how this process works — both from the tech used and how negotiations were made with internal security to trust the automated unit tests. LT Hinke was a Department of the Navy Finalist for the 2015 FedScoop 50 award in the category of Federal Leadership for this work.

– CSRA recently completed FedRAMP High accreditation, one of three Cloud Service Providers to achieve this (others being Microsoft and Amazon). To achieve FedRAMP High, CSRA migrated their infrastructure from VMware to OpenStack. Hear from CSRA on what this process involved, lessons learned, and what it takes to deploy & manage OpenStack for such a high accreditation level.

– At Red Hat Summit 2016, the hands-on workshop “Practical OpenSCAP: Security, Standard Compliance, and Reporting” stepped through how to perform continuous monitoring, natively STIG your box, and run ad-hoc STIG compliance reports. This hands-on lab was rated the #2 session of Summit 2016! Robin Price (Senior Solution Architect @ Red Hat), who delivered the workshop, will deliver this content at Defense in Depth.

– Mark St Laurent, former computer forensics lead of the FBI Computer Analysis Response Team (FBI CART), has spent the past few years at the National Counter Intelligence and Security Center focused on insider threat. Mark will talk about insider threat monitoring using the Linux Audit Subsystem, relevant open source tools, standing up forensic capabilities, and talk through one or two investigations he worked over the years (like when he was responsible for evaluating Robert Hanssen’s hard drive).

The “show & tell” sessions are reserved for engineering to show ideas and technologies that are just maturing. Some of these are ideas and very rough concept implementations, while other sessions reflect tech that may ship in a future version of RHEL.

For example: Steve Grubb (known for maintaining the Linux Audit Subsystem) has been working on application whitelisting (kernel level anti-malware). Last year Steve showed his proof-of-concept kernel module to perform application whitelisting. Since then, Steve has extended the work to evaluate software based on Software ID Tags (SWIDs), which uniquely identify applications. The idea is to enumerate known software with these tags, and prevent unknown software from executing. The technology is demonstrable but still under development. The “show & tell” gives Steve a chance to demo the latest capabilities and receive immediate feedback that can influence how app whitelisting will work in Linux.

Defense in Depth is hosted as a community workshop and provided at no charge for attendees. This year we’ve teamed up with Intel Corp to help cover the overhead costs (thanks, Steve Orrin!), which also allows us to bump up the attendee slots. Last year saw ~200 attendees, and with Intel’s help, we’ve bumped that up to 275-300 for 2016!

Registration on the website is now live. We’re still updating the formal agenda/abstracts; however, details, registration and logistics information can be found here:

Your comments and ideas on scheduled topics/sessions, as well as sessions you’d like to see, are extremely welcome. Have something you’d like to present? Ping me offline and let’s chat about it!