See how other companies are using Puppet and DevOps practices to help them with security and compliance at PuppetConf 2016 in San Diego. Learn more and register at https://puppet.com/puppetconf/.

1. t
Track Overview:
Security
19 - 21 October
San Diego

2. A Year in Open Source Automated
Compliance With Puppet
This session will provide the attendee with a look at what the SIMP
project has achieved since its debut at PuppetConf 2015. Topic
covered will include a brief overview of the SIMP project, the
creation of a public community, new features, the automated CI
process, code level attestation of Puppet parameters to Policy,
lessons learned, and a glimpse of the future.
2
Thursday, October 20 | 1:30 pm
Trevor Vaughan
VP Engineering, Onyx Point, Inc.
Security

3. Security Roadmap: How We Are
Helping You When Everything is
Burning
This talk will be a walk thru of the puppet security roadmap, where
Puppet fits in the world of Security and the world of Compliance.
Including, identifying what is burning, how to catch things before
they burn, and why these features fit in with defining and aligning
security with a DevOps approach. Additionally, we will do a demo
and walk thru of what we have done to date. This will span things
like our Corrective Change feature to PQL.
3
Thursday, October 20 | 2:30 pm
Verne Lindner
Beth Cornils
Sr. Product Manager, Puppet
UX Designer, Puppet
Security

4. Nice and Secure: Good OpSec
Hygiene With Puppet!
Puppet is a great first step to making your environment more
secure. Evolving your system setup into infrastructure as code
allows a clear audit trail and more inspection of your current state,
allowing you to shine a light on any problem areas in your estate.
But how do we make sure our Puppet setup doesn't make things
less secure whilst making it easier to automate? We're going to talk
about:
4
Thursday, October 20 | 4:45 pm
Professional Services Engineer, Puppet
Peter Souter
Security
● Making sure security is part of your workflow, rather than
an afterthought.
● Best practise with hardening your Puppet architecture.
● Secrets management with the Puppet toolchain.
● Keeping your code clear of plaintext passwords.

5. Using HashiCorp's Vault With
Puppet
One common challenge organizations often face when adopting secret
management solutions like Vault into their infrastructure is how to fetch
secrets from Vault using a configuration management tool like Puppet.
In addition to providing a high-level overview of Vault and Vault's
architecture, this example-driven talk details a few techniques for
retrieving secrets from Vault using Puppet by bridging the gap
between runtime and build time data. Join me on an adventure as we
move our secrets from Hiera to Vault.
5
Friday, October 21 | 11:15 am
Seth Vargo
Director of Evangelism, HashiCorp
Security

6. Puppet as Security Tooling
As a Puppet user, you know the value of Puppet for configuration
management, deployment, and delivery of your applications. What you
may not know is that it is also a powerful tool for securing your
environment and for meeting your compliance and auditing needs. In
this session you’ll see how Puppet can provide policy enforcement,
help monitor compliance requirements, and help with fast response to
security issues. I’ll speak about my experience running a small security
program using Puppet and provide you guidance about where to look
to make wins for your organization.
6
Friday, October 21 | 2:30 pm
Bill Weiss
Manager of SysOps, Puppet
Security

7. How You Actually Get Hacked
One common challenge organizations often face when adopting secret
management solutions like Vault into their infrastructure is how to fetch
secrets from Vault using a configuration management tool like Puppet.
In addition to providing a high-level overview of Vault and Vault's
architecture, this example-driven talk details a few techniques for
retrieving secrets from Vault using Puppet by bridging the gap
between runtime and build time data. Join me on an adventure as we
move our secrets from Hiera to Vault.
7
Friday, October 21 | 3:45 pm
Ben Hughes
Security Engineer, Etsy
Security

8. Want to explore more PuppetConf
sessions?
View our full agenda and other tracks at
puppet.com/puppetconf

9. t
Security:
Speakers
19 - 21 October
San Diego

10. Trevor Vaughan
VP Engineering, Onyx Point, Inc.
Trevor is a co-founder of Onyx Point, Inc. and has been using
Puppet since 0.24 to automate pretty much everything. He is
the organizer of the Baltimore Puppet Users Group and a
voracious Open Source supporter. He is also the technical lead
for the SIMP project, released by the National Security Agency,
to improve the availability of compliant managed platforms to
the systems management industry.

11. Beth Cornils
Sr. Product Manager, Puppet
Beth Cornils is a product manager for Insights and Visibility,
Security, and PuppetDB. She's spent the last 2 years at
Puppet learning about why sysadmins and security people
do what they do. Turns out, Developers, Operations, and
Security people have different motivators. Who knew! Most
important lesson learned from Ops this year, no one cares
about my feature the way I do. They only care how much
glue is needed to make it work. Opservations, they keep me
honest.

12. Verne Lindner
UX Designer, Puppet
Verne Lindner is part of the user experience team at Puppet.
As part of her team, she has designed change reporting tools
for PE's graphical user interface, as well as the GUI's node
graph. She is currently working on aggregate and historical
reporting tools for Puppet-managed systems.

13. Peter Souter
Professional Services Engineer, Puppet
Peter is a Professional Services Engineer at Puppet, and has
been helping people on their first steps on their DevOps
journey for over 5 years. He's been tinkering with Puppet
since 2.7, and finds that listening to Bonobo increases his
work output 50%.

14. Seth Vargo
Director of Evangelism, HashiCorp
Seth Vargo is the Director of Evangelism at HashiCorp.
Previously, Seth worked at Chef (Opscode), CustomInk, and
a few Pittsburgh-based startups. He the author of Learning
Chef and is passionate about reducing inequality in
technology. When he is not writing, working on open source,
or speaking at conferences, Seth enjoys spending time with
his friends and advising non-profits. He loves all things
bacon.

15. Bill Weiss
Manager of SysOps, Puppet
As a red-and-blue-team member turned sysadmin herder, Bill
Weiss had an early introduction to automation in security,
and he's spent the rest of his career trying to bring that idea
to more places. He started out working in the .gov, moved to
Chicago to spend several years at a financial services SaaS,
and finally made it to Portland in 2015 to join Puppet as the
Manager of SysOps, which he thinks is a way better term
than “sysadmin.”

16. Ben Hughes
Security Engineer, Etsy
"Don't call it a comeback, I've been here for years" Ben
maintains he's an information security professional with over
15 long hard years and tens of shell accounts of experience.
He's previously worked as an operations engineer for Puppet
Labs, (yes that long ago, hence the comeback). He's also
worked at global Fortune 500 companies, down to small
startups on key areas of security, networking and
infrastructure. He's spoken all over the world, in any city that
has good third wave coffee, on topics relating to DevOps and
all it entails, intrusion detection, buzzword conscious Docker,
and why curl piped to sudo bash is the worst. He also does a
mean She-Ra impersonation.

17. t
Get on the path
to a better future
Join us 19-21 October in San Diego
Register now
Summer Savings:
Save $240 until 15 September
puppetconf.com