Levelling Up Security at Riot Games

Explore the evolution of Riot Games' InfoSec program in this 57-minute conference talk from BruCON Security Conference. Dive into Mark Hillick's 5+ year journey developing a security program based on feedback and self-service across a hybrid infrastructure. Learn about internal RFCs, developer education, collaboration on solutions, and receiving and acting on feedback. Discover in-house tools designed for AWS security posture visibility and open-source contributions. Gain insights into a self-service, feedback-driven approach to security that fosters collaboration rather than animosity. Understand the successes and failures of Riot's InfoSec team, and see how they've implemented lessons from Mark's 2015 BruCON talk on Feedback Security. Note that while the presentation includes engaging visuals, it does not cover exploits, zero-days, or buffer overflows.