BBLISA was founded in July 1992 to provide
a forum for
presentations of interest to system and network
administrators in Boston, MA, and the surrounding areas.
While "LISA" stands for Large Installation System Administration,
BBLISA is for administrators of both large and small networks.
Membership in the group is free and becoming a member is as easy as
subscribing to one of our
The name Back Bay LISA was adopted after the sister organization "Bay LISA", in the San Francisco bay
area. Back Bay is an area of Boston, and Boston being back east and
also on a bay made the name seem appropriate.
We have a
list of sites that are of
interest to System Administrators.
Wednesday, September 9, 2015
Why we can't have nice things. A tale of woe
and hope for the future.
Pete Cheslock, Threat Stack
Computers are hard, and security is even harder. While you?re building
a bespoke host-based intrusion detection system to monitor for
advanced persistent threats, vulnerabilities are uncovered in
30-year-old core Unix programs. Even worse, the same junior level
operations engineer who can (accidentally) provision thousands of
systems and blow your budget away, is the same person who can make one
small change to a security group which now allows all access to your
The cloud is making it easier than ever to provision systems to meet
your infrastructure needs ? and to do so very quickly. Speed to market
is a major competitive advantage that many companies are leveraging
through the concept of Infrastructure as Code. Provisioning hundreds
or thousands of compute instances in mere minutes is now considered an
everyday activity. Everyone wants to move fast.
The long contested battlefield of remote access to production machines
has only gotten uglier since the rise of The Cloud, which has
obliterated the line between building the system and running the
system. ?Lock out the developers? is not an acceptable policy
anymore. Developers inherently build better systems when they
experience running them.
Continuous Integration. Continuous Deployment. But who (or what) is
continually monitoring the state of your operational security?
We?ll discuss the role of security in this new *aaS landscape. We?ll
talk about things to do when you have a dedicated InfoSec team, and
tools you can use when you don?t. We?ll explore what it means to build
in security in the same way you build in quality as part of your
continuous delivery pipelines. And how you can strengthen your
security posture while maintaining your ability to move quickly and
deliver value to your customers.
MIT E-51, Room (tbd)
7:00 - Announcements & Introductions
7:30 - Formal presentation