Chris Farris

I did not get in on Bitcoin when it was getting started. I thought it had some interesting libertarian principles, but I was skeptical of all computer software and determined that it was only one software flaw or mathematical proof away from being rendered completely worthless. Lets face it, entire empires have fallen due to misplaced faith in their cryptographic capabilities. Bitcoin was just too risky. With the collapse of another crypto-currency exchange, and the release of Andy Greeenberg’s new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, I decided it was worth spending a few hours and AWS credits to check out this blockchain all the crypto-bros are raving about.

My third annual pre:Invent roundup is posted over on Steampipe’s blog. You can also check out 2021 and 2020 if you’re so inclined.

Back in 2018, I wrote a semi-serious post on what you as a security practitioner should be looking for as it relates to re:Invent announcements.

There were a few hot-takes that didn’t warrant mention on my work post, so I’ll include them here for your general amusement.

It’s pre:Invent 2022, the time of year AWS releases a bunch of new products and features that aren’t big enough to make it on the keynote state of re:Invent. One of my long-awaited features was released last night: CloudFormation support for AWS Organizations! Before this release, the management of Service Control Policies, Organizational Units, and AWS Accounts was either artisanal or via third-party tools like org-formation. I can finally manage my AWS Organization using the same IaC as I manage the accounts in that organization.

I tracked down the meaningful insights from the other cloud conferences. I didn’t come away with a rosy outlook for the future.

Like much of InfoSec Twitter, I’ve gone and created a profile on Jerry Bell’s Infosec.exchange. I’m not sure about this whole Mastodon thing. But then again, I created my Twitter account in 2009, and didn’t really start using it till 2017 or so. Anyway, I’m officially @jcfarris@infosec.exchange. I hope Twitter doesn’t implode. I got a lot of value out of it.

I feel like the phrase “disruptor” is an overused, Valley-Bro trope. However I can’t think of a better phrase to describe Tailscale, and what it will do to the enterprise firewall and VPN market for the security 99%.

My latest post at Steampipe.io is Enrich Splunk events with Steampipe . This was a fun one to write because it was a culmination on my recent IR work at BSides Atlanta and BSides Augusta.

I’ve written some crazy contraptions to get this stuff into Splunk, and I’ve got to say, Steampipe made it super easy.

I got a bug to tell everyone about the sessions I’m looking forward to at re:Invent this year. Check it out.

I found myself taking a new job this fall. One surprising aspect of that job was they had scheduled a company all-hands in Kuala Lumpur (KL) in mid-September. So after our family trip to Amsterdam, Finland, Sweden, and Estonia, I now had a trip to South East Asia on my calendar. This post is mainly intended as random travel advice for visiting Malaysia, flying SkyTeam, dealing with internet access, etc. There will be minimal if any, cloud security content.

At BSides Atlanta today I gave a talk on how to handle an incident in AWS. The talk and this post is intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane. You can find the Slides here.