Skip to main content

Blog Post

Security Talks at DrupalCon New Orleans 2016

by Mark Shropshire
May 25, 2016

While I have had the privilege of attending a number of DrupalCons and camps over the years, I cannot remember one with as many sessions and BOFs (birds of a feather) on the topic of security. In addition to the security talk on the program schedule, I had a great time chatting with individuals in the hallways and a few security focused companies in the exhibit hall. 

I wasn't able to attend all of the sessions and BOFs mentioned below, but I want to highlight my favorite takeaways from the ones I worked into my schedule.

Simplifying Security: Protecting your Clients and your Company covered some common security myths that will surprise many technical and non-technical alike. Make sure to catch the video of the session.

Watch the Hacker Hack dives into the mind of a hacker and how it isn't like the movies. Spoiler alert: The end results can be just as dire for your website and associated data. The session was interactive with video examples of the hacker(s) in action. I plan to watch this session on video again as it was full of interesting details.

Data Security in Drupal 8 was a BOF led by Rick Hawkins. Rick talked about a number of security improvements in Drupal 8.

There was also a lively discussion about data encryption techniques and challenges with securely storing encryption and API keys.

Meet with Security Team Members and Ask Security Questions was led by Michael Hess and other members of the Drupal security team. This BOF was a great reminder that there are still so many ways to get involved in the Drupal community. The article How to join the Drupal Security Team has lots of details on getting involved. Even if you don't want to join security team, the last section of the same page, "Improve Drupal's security from outside the team," is pure gold. So many ways to get involved. The BOF attendees asked questions and discussed Drupal security team processes and how the team dealt with Drupageddon and other security incidents.

It is great to see the awareness of security rising in the community as Drupal continues to drive more enterprise websites and applications. I think that all of the Drupal and related hosting infrastructure best practice discussions will help enterprise and non-enterprise install bases. This kind sharing is one of the many things I love about being part of an open source community.

Security-related sessions and BOFs I didn’t attend

In summary

The number of sessions and interest in security at Drupalcon confirmed to me that attendees realize security is no longer a checkbox within a list of requirements. Security should be an ongoing part of any software development process, just as we do with UX, digital strategy, content architecture, etc. I am looking forward to taking what I have learned to continue educating our clients and the Drupal community on the importance of protecting websites and applications. 

Additional Resources
Highlights from Drupalcon New Orleans | Mediacurrent Blog Post  
The Real Value of Drupalcon | Mediacurrent Blog Post    
How to Prepare Your Team for Drupal 8 | Mediacurrent eBook 


Meet team member, Mark Shropshire

As the Senior Director of Development, Mark “Shrop” loves working at the intersection of leadership and technology. He has a passion for personal and team growth, aligning individual purpose with Mediacurrent vision. Shrop focuses on empowering teams to be their best while using best of class open source technical solutions.  

Over his 20 plus year career leading technical teams, Shrop gained experience in IT roles at a large urban research university and nationally recognized award-winning graphic communications company. Through these experiences, Shrop has learned to lead others with an eye on the big picture, while getting into the details as a software developer, systems architect, and system administrator. One of his proudest accomplishments has been his role in building a stronger technical community in the Charlotte region. For the past several years, Shrop has served as the community co-organizer for the Charlotte Drupal Drive-In event, hosted by CharDUG (Charlotte Drupal User Group) where Shrop is a co-founder. He is a frequent public speaker around meetups and conferences, talking about leadership, technology, productivity, and mentorship.

When not focusing on teams and clients at Mediacurrent, Shrop enjoys spending time with family, podcasting, running live sound, and playing various musical instruments.

Learn more about Mark >

Related Insights