Chris Koehnecke

VP Security Engineering & CISO, Jit

Chris Koehnecke is VP Security Engineering & CISO at Jit with over 20 years of experience in Cyber Security. Chris is focused on cloud security, security program development, security strategy, assessment, and management of cyber risk.

Chris holds a Bachelor of Science degree in Business Administration with a concentration in Information Systems and a Master of Science degree in Business Information Systems from the University of Kansas. Chris is also a Cisco Certified Network Associate (CCNA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Archer Certified Consultant (ACC), and holds a Top Secret (TS/SCI) security clearance.

Presentation Abstract

Chris Koehnecke - Defending Your Cloud Native Apps Against the Serverless Top 10

Serverless architecture and patterns have changed the velocity and scale at which modern business applications can be delivered, enabling engineering teams to focus on business value without having to manage compute resources. As serverless gains adoption, the would-be attackers come prowling, and this means serverless security needs to level up. That said, serverless security knowledge is still not a commodity: most of the current security tools, apps, and practices target more legacy architecture patterns, making it challenging to ramp up security at the pace of engineering. Excellent resources have been created over the years, including the OWASP Serverless Top 10; however, understanding how to apply them in practice takes time and research if you aren’t a domain expert.

In this talk, we’ll take a deep dive into what a typical serverless app composed of lambda functions and containers looks like, including the various layers it comprises: code, infrastructure, runtime, and its supply chain. We’ll map each of these to the possible risks based on the OWASP Top 10 list and demo, using excellent open-source tools, how you can defend your application against these threats on each of your application’s layers. You’ll come away from this talk able to immediately start better securing your serverless apps.