Jason Chan leads the cloud security team at Netflix and previously worked in security at large tech companies and startups. The document discusses trends in security hiring, including an increasing demand for security professionals at companies to build their own teams, security vendors, startups, and consulting firms. It describes the types of work in security including defensive and offensive roles, and provides an overview of the security organization and roles at Netflix.
2. I lead the cloud security team @ Netflix
Previously:
- Security at large tech and startups
- Security consulting, defense work
Also:
- Grew up in Whitney Point
- Mom graduated from BU
@chanjbs | chan@netflix.com
16. This drives hiring:
- Organizations for their own security teams
- Vendors to build security solutions
- Startups to invent new security products
- Services organizations for consulting, audit, etc.
17. Partially Due to Dynamics of the Field
18. There are three professions that beat their practitioners into a state of humility: farming, weather forecasting, and cyber security.
-- Dan Geer
25. cybersecurity is perhaps the most difficult intellectual profession on the planet
-- Dan Geer
26. So, what's it like to work in security?
27. Employer Characteristics
- Large vs. Small
- Government vs. Corporate
- Financial Services vs. Technology
- East Coast vs. West Coast
- Startup vs. Established
- Consultant vs. Full-Time Employee
- Criticality (e.g. Nuclear Plant or Netflix)
28. Basic Focus
Build (Defense/Blue Team)
- Defensive product development
- Controls design, architecture, and operations
- Monitoring and response
Break (Offense/Red Team)
- Offensive tools and product development
- Penetration testing
40. Intelligence, Response, and Investigations
- Respond to incidents (i.e. fire department)
- Investigate threat actors targeting Netflix and its members
- Produce and integrate security intelligence
41. Product and Application Security
- Work on security-related features of the product
- Examples:
  - Password reset process
  - Credit card storage
- Help engineers develop secure applications
- Lead security testing and disclosure programs
42. Security Tools and Operations
- Manage our security infrastructure (Amazon Web Services)
- Help teams use cloud infrastructure securely
- Build tools and automation to monitor and secure the environment
43. Corporate Information Security
- Protect our employees and corporate systems
- Network and device (mobile, laptop) security
- Vendor risk management
- Regulatory compliance
44. Privacy Engineering
- Design and engineering for consumer data privacy
- Collection, retention, disposal, use, sharing
- Compliance with global data privacy requirements
45. Security Data Analytics
- Extract security value from large data sets
- Machine learning
- Anomaly detection
46. Device and Content Security
- Digital Rights Management (DRM)
- Content partner security
- Device partner security
- Secure playback
47. Platform Security
- Create security-related software components used by other developers and services
- Examples:
  - Encryption key management
  - Network traffic management
49. Ideal skills & traits for a career in security
- Computer Science/Engineering/Math training
- Specific security training is great but not required
- Communication
- Creative and pragmatic
- Curiosity
- Problem solving
50. Free resources to learn more
- Coursera - Dan Boneh's crypto classes
- OWASP
- Trail of Bits CTF Guide
- Twitter