AWS’s Abby Fuller on balancing progress with security

11 Oct 2019

Abby Fuller. Image: Amazon Web Services

Abby Fuller discusses her unique path to working in cloud and the pressing need to maintain security during digital transformation.

Abby Fuller, principal technologist and ‘container czarina’ at Amazon Web Services (AWS), flew into Dublin last month from Amazon’s global headquarters in Seattle, Washington, to meet with prospective cloud customers.

In Ireland, Amazon’s cloud computing subsidiary has had a significant impact since it first launched an infrastructure region here in 2007. According to economic research commissioned by AWS, the company has contributed more than €2bn in direct capital between the years 2011 and 2018.

It serves a broad array of Irish clients, doing everything from providing the data and analytics infrastructure for Paddy Power Betfair to helping Ryanair migrate its entire digital experience over to AWS services.

‘We need to help people build secure applications. Part of that, I think, is helping people be secure by default’
– ABBY FULLER

Fuller’s vast knowledge of, and interest in, cloud technology is apparent from the moment our conversation begins. Interestingly, her start into this field is not exactly typical. She initially studied political science in university, then joined a tech start-up immediately after graduation upon realising the full extent of her interest in the sector.

“I had a feeling that I wanted to end up on the tech side,” she explained, and then laughed. “But I had no degree and no experience. So there were some intermediate steps.”

Fuller took up a sales job in tech while building her technical skills, before a boss took a chance and gave her a path into the industry. Now, she has been working in software engineering for more than 10 years.

She believes that the tech industry, especially cloud services, is easier to break into than it once was. “I don’t think people are learning necessarily how to work with cloud providers at school so that levels the playing field for [people trying to break into the field]. Everyone has to learn this stuff, so why not you?

“I think tech has not always been very inclusive, but there are many more paths to tech than there used to be … At some point, it stopped mattering that I don’t have an undergraduate degree in computer science. What we need to figure out is how we do get more people to the point that it doesn’t matter that they didn’t have the same degree.”

Due to her work in containers, she has a particular affinity for the potential application of that technology. However, she has also become more recently excited about how service meshes can be used to allow developers to define and tailor the rules for how applications communicate with each other.

“Maybe in the fullness of time I can run a lambda function and a bunch of containers and an application on Amazon Elastic Compute Cloud (EC2), all within the same mesh. So instead of having to choose – do I use lambda, do I use ECS [Elastic Container Service], do I use Kubernetes, do I do what I was doing on EC2 – you can mix and match your tools.”

Security and innovation

Recent research has begun to show a hesitance emerging within the IT community when it comes to adopting new technologies quickly, due to the possible security implications.

Keeping step with the march of progress can, in the minds of some, mean moving too quickly into a space where maintaining network security gets sidelined. Fuller believes the two should never be mutually exclusive.

“I think I would never tell anyone to push ahead for faster progress at the expense at security,” she said. “Amazon Web Services generally has a shared responsibility model. We’re responsible for the security of everything from the data centres in which you run to the hardware of the instances to the service itself. As a customer, you’re responsible for building secure applications on top of that service.

“To help you do that, we have a bunch of resources for you. Training, tools like Macie or GuardDuty or CloudTrail, autologs or solutions architects to talk to.

“Part of that is an education thing, that we need to help people build secure applications. Part of that, I think, is helping people be secure by default.”

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.

Eva Short was a journalist at Silicon Republic

editorial@siliconrepublic.com