Scaling User Security: Lessons Learned from Shipping Security Features at Etsy

Over the past year, the Etsy Security Engineering Team has been primarily focused on building out new user-facing features to provide proactive protections to our members. On the surface, these features appeared straightforward to implement and roll out; however, we encountered a number of interesting challenges along the way. This talk will provide actionable advice for organizations seeking to ship and support modern security features including full site SSL, two-factor authentication, and account takeover detection. Specifically, we will cover engineering your environment for capacity and resiliency, collecting useful metrics, creating effective anomaly alerts, supporting a global user base, and abstracting away single points of failure with third party providers.

Zane Lackey is the Director of Security Engineering at Etsy and a member of the Advisory Council to the US State Department-backed Open Technology Fund. Prior to Etsy, Zane was a senior security consultant at iSEC Partners.

Kyle Barry is the Security Engineering Manager at Etsy. His work focuses on security and risk engineering for Etsy's internal and user-facing features. Kyle has worked on implementing Etsy's two-factor authentication system for millions of users in over 80 countries. Recently he has been working on solving security issues with big data.