If you’re not an uber-geek, getting started securing your website can be overwhelming. Get pointed in the right direction by a couple of pros who’ve “been there; done that.” Learn how to:
avoid big security gotchas;
ask the right questions when engaging outside help;
evaluate some security-specific Drupal modules.
As a bonus, get a customizable incident response template to guide your recovery process when hackers get in.
After this talk, attendees will be able to:
use the Center for Internet Security’s essential security controls to evaluate their current website security;
build a plan to respond to and recover from an incident;
understand how some of the security-specific Drupal modules fit into their site’s security plan.
The ideal attendee for this session is a project manager, site owner, or site builder who is responsible for site security and/or for creating the policies and practices to secure their site, and who needs to know how to respond to an incident.
If you know what XSS/CSRF mean, and how to mitigate them, this isn’t for you.
Some Drupal site architecture knowledge is helpful, though not required. The concepts covered apply beyond Drupal, but the examples will be Drupal-8 focused.
Carolyn Shannon, Manager of Technical Documentation @ Pantheon
Carolyn is the Manager of Technical Documentation at Pantheon. She's been a Drupalista for 11 years, building sites with a focus on great content strategy and solid user experience. When she's not waxing poetic about rsync timeouts, she enjoys knitting, running, and spending time with her family.
AJ Van Beest, Information Security Analyst / Fix-it Lackey @ Redacted
AJ loves lots of things - the wild; the rocky, uphill path; continental knitting; II/V/I changes; bikes, skis, and sails - but most of all his family. He cooks, reads books, creates groaner Dad-Jokes, and occasionally remembers to take the dog outside.
When AJ's not working on his next side hustle, checking snow reports for midwest XC trails, or telling friends "it's just a 60-mile bike ride; come on!", he can be found battling the Federated Republic of Hackerstan while securing the infrastructure of a midwestern multi-state health care org.
AJ has many professional (and some not-so-professional) letters after his name including: CISSP, GPEN, GWAPT, XXL, H2IK.