Guillaume Ross

Head of Security, Fleet Device Management

Guillaume is Head of Security at Fleet Device Management, the company behind the open source Fleet management platform for managing and using osquery. While he prefers working in startups, he's been working in security forever in organizations of all types, and prefers looking at the bright side of things and things that WORK instead of repeating 30-year-old "best practices" that never have!


Workshop: Fleet and osquery - open source device visibility

Workshops are first-come, first-served and have limited capacity. Some workshops may be streamed for additional passive participation.


Fleet is an open source management system for osquery, the cross-platform agent that allows you to ask anything of your endpoints, from laptops to servers and containers.

In this workshop we will:

  1. Install Fleet and deploy osquery to endpoints
  2. Use Fleet and osquery to identify software, users, and configurations of endpoints (identify!)
  3. Use Fleet to define security policies we want our endpoints to comply with (protect!)
  4. Simulate different techniques based on MITRE ATT&CK, for tactics such as persistence, and then see how they can be detected with Fleet.
  5. Integrate Fleet with other software, such as The Hive Project and Slack or email, to trigger workflows based on different scenarios.

Pre-requisites/assumed knowledge:

Familiarity with virtualization tools and Linux or macOS

Participants should prepare by:

A laptop with a Linux VM with Docker to run Fleet, and enough capacity to run a few other VMs as clients. We recommend that participants bring at least 4 VMs in total:

1 Linux VM to use as the server; 1 Linux VM to use as a client; 2 other VMs of your choice (macOS, Windows, Linux)

Participants must have the following equipment:

A laptop with a Linux VM with Docker to run Fleet, and enough capacity to run a few other VMs as clients. We recommend that participants bring at least 4 VMs in total:

1 Linux VM to use as the server; 1 Linux VM to use as a client; 2 other VMs of your choice (macOS, Windows, Linux)

Discussion: Detection & Response Block

This is a Q&A session. Moderators will take audience questions both remotely and on-site via sli.do.


Hosted panel discussion and Q&A.