Speakers: Mike Arpaia, Teddy Reed
Level: Intermediate, Lecture
Excerpt: OS X host security at Facebook-scale.
Description: A critical aspect of maintaining a robust infrastructure security posture is being able to ask low-level question of hosts in your environment. Even on a single host, performing operating system analytics can often be complex, error prone and computationally expensive. This presentation will examine how Facebook is attacking host instrumentation at scale. We’ll discuss how you can use the same software that we use, regardless of your scale or environment, for no cost at all.
About the speakers
Mike Arpaia – Facebook (Twitter: @mikearpaia)
Mike Arpaia is a Software Engineer on the security team at Facebook where he builds software to detect, prevent and respond to compromise. Before Facebook, Mike was a Senior Software Engineer on the security team at Etsy, the world’s handmade marketplace. Before working at Etsy, Mike worked at iSEC Partners, where he specialized in mobile application and mobile operating system security.
Mike has previously presented at over a dozen conferences in 7 US states and 3 countries including Black Hat USA, Source Boston, DEFCON and Nordic Security Conference on topics such as data infrastructure and analytics, secure mobile development, mobile exploit intelligence, mobile operating system security and information security education.
Teddy Reed – Facebook
Teddy is a Security Engineer at Facebook developing production protective tools.
Prior to enterprise and product security, he has held several research and development
positions with focuses on large scale system assessments, application penetration
testing, and system and hardware emulation.
Teddy very passionate about trustworthy, safe, and secure code development.
He loves open source and collaborative development when scale, resiliency, and
performance enable defensive and protective software design. Teddy has published
at security conferences on trusted computing, hardware trusted systems, UAVs,
botnet development, human performance engineering, competition game theory,
biometric vulnerabilities, and PaaS API vulnerabilities.