Security in Practice: Tools and Techniques

Security is not a one-time activity that is performed and completed. A mature operation promotes continuous improvement in an ever-evolving landscape of threats and mitigation techniques. Where does this leave us in the Drupal community?


This presentation focuses on the tools and techniques for promoting security in practice related to Drupal, both the infrastructure and the application. We will explore the different user personas and the targeted attacks to which typical Drupal applications are exposed.


I’ll present recommendations for mitigating these attacks, including multiple uses of two-factor authentication, development best practices, security-conscious development workflows, continuous integration and DevOps practices, log analysis integration, community contribution, and alert and monitoring solutions.


This talk is intended for anyone curious about building security into team operations, exposing security-related information needed to improve with time, and solutions specific to securing Drupal implementations. Key takeaways include a set of practices, tools, and considerations for both the people and technology tied to Drupal implementations. Come learn how we can leverage security in many aspects of the work we do to build trust and confidence and to mitigate risk.

Other Events this was Presented at: 

Florida Drupal Camp 2018, BADCamp 2018

About the Speaker(s): 

Over the last four years, I have given various presentations at many Drupal events in the United States and several events multiple times. I have been fortunate to provide the keynote for several of those events, including Drupal GovCon, Drupal Asheville, Drupal Colorado, and Drupal Camp St Louis. I have been featured at Florida Drupal Camp, Drupal Asheville, MidCamp, and others. I have given international talks at Drupal North and Drupal Camp Costa Rica. I have presented remotely at Drupal Europe, Stanford Drupal Camp, Drupal 8 Day, and at the DC Drupal Meetup. Topics include Drupal 8 development, contribution, technical leadership, security, DevOps, design systems, community, agile, and more.


Here are links to some talks, including recordings:

  1. Better Together: Impact Through Contribution (GovCon keynote)

  2. The Unintentional Findings of a Honey Badger (Asheville keynote)

  3. Restoring Our Lost Imagination (Colorado keynote)  

  4. Security in Practice: Tools and Techniques (Florida featured talk)

  5. My Journey to Understanding Technical Leadership (New Jersey / MidCamp talks)
