VCF Hardening Slides from VMware Explore 2024

A big thanks to absolutely all the friendly folks that were in my sessions this year at VMware Explore Las Vegas. I promised the folks in my VCF hardening session (VCFT1616LV) a copy of the slides so you’d stop taking photos. Sorry they’re a little late; to be honest I forgot, then my copy of Acrobat needed reinstalling. It’s always something!

The recordings are also up on the free on-demand video library for VMware Explore.

VCFB1201LV – Three Cornerstones to Enable a Cyber-Resilient Private Cloud
(Monday morning with Belu de Arbelaiz and Bhanu Vemula)

VCFB1440LV – All About vSphere 8
(Tuesday morning with Dave Morera)

VCFT1616LV – Hardening and Securing VCF
(Monday afternoon, just me)

Please keep in mind that talks like VCFT1616LV:

  • are about infrastructure security, not email security, phishing, or other things out of scope for a talk on infrastructure,
  • are not long enough to cover everything one might want to talk about, so choices have to be made,
  • have context that is spoken during the talk, and may not be obvious from the slide,
  • have lists in them because nerds like lists,
  • do not make value judgements about the relative organizational priority of these topics vs. others.

The truth is that there’s a lot of collective forgetfulness about hardware because of the cloud. When people are building new on-premises environments they might actually want some guidance about securing the underlying layers. Software companies usually leave that to the hardware vendors, but hardware vendors don’t often have guidance, and they won’t talk about rack security, either. Hence the need for some new discussion on this, conveniently as part of other VMware Cloud Foundation (VCF) hardening.

Other items mentioned during VCFT1616LV are the Dyno Kwick Pick lock picking tool, the Flipper Zero, “Code Complete” by Steve McConnell, and “Offensive Countermeasures” by John Strand. If physical security is interesting to you, you might check out videos from a fellow named Deviant Ollam, on physical penetration testing, like “I’ll Let Myself In.” He’s got a bunch of other videos, too. Search for them.

I had an absolute blast seeing many of you throughout the conference, and talking with so many of you about things. In fact, the conference and feedback were overwhelmingly positive. It’s clear to me that the VMware Cloud Foundation division of Broadcom is on the right track with the vision for what on-premises cloud should look like. What remains from here on out is execution.

A Midjourney AI image of the vast landscape of VCF Hardening