SECURITY: STOP SUCKING! @benjammingh [email protected] Sunday, 3 November 13

Security: Stop sucking Portland DevOps Days Ignite


DESCRIPTION

My talk on security and making it more devops magic.


Page 1: Security: Stop sucking Portland DevOps Days Ignite

SECURITY: STOP SUCKING!

@benjammingh [email protected]

Sunday, 3 November 13

Page 2

Security persons!

STOP BEING SO NEGATIVE! (yes, I realise that is a negative thing to say)

Page 3

SECURITY: BE MORE POSITIVE

AND WORK WITH PEOPLE!

@benjammingh [email protected]

Page 4

Be excellent to each other.

DevOps: it’s all about the tools. (Spoiler alert: it’s not. It never has been. It’s about the people...)

But you knew that already... right?

Page 5

Reducing barriers

Having an approachable security team is the most important thing they can do.

The second you lose the ability to talk to them about anything, you effectively lose your security team.

Page 6

Understanding

    #include <string.h>

    /* Deliberately vulnerable: unbounded copy into a 16-byte stack buffer */
    void function(char *str) {
        char buffer[16];
        strcpy(buffer, str);
    }

    int main(void) {
        char large_string[256];
        int i;
        for (i = 0; i < 255; i++)
            large_string[i] = 'A';
        large_string[255] = '\0';   /* terminate so strcpy stops at 255 bytes */
        function(large_string);     /* 255 bytes into a 16-byte buffer */
        return 0;
    }
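Added example, not from the talk: the slide's function() rewritten so the copy is bounded and the same 255 x 'A' input is refused instead of overwriting the stack. The names function_checked and check_slide_input are my own.

```c
/* Added example, not from the talk: the slide's strcpy() into a 16-byte
 * stack buffer, rewritten so the copy is bounded and oversized input
 * (such as the slide's 255 x 'A' string) is refused rather than
 * overwriting the return address. Function names are my own. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Bounded counterpart of the slide's function(): copies str into the
 * 16-byte buffer only when it fits, terminator included.
 * Returns 0 when copied, -1 when the input would overflow. */
int function_checked(const char *str) {
    char buffer[BUF_SIZE];
    /* Look for the terminator inside the first BUF_SIZE bytes only,
     * so the length check itself never reads past the buffer size. */
    const char *end = memchr(str, '\0', BUF_SIZE);
    if (end == NULL) {
        return -1;                    /* too long: reject, do not copy */
    }
    memcpy(buffer, str, (size_t)(end - str) + 1);  /* length validated */
    return buffer[0] == str[0] ? 0 : -1;           /* always 0 here */
}

/* Rebuilds the slide's input (255 x 'A', then the terminator the slide
 * leaves out) and returns the verdict of function_checked() on it. */
int check_slide_input(void) {
    char large_string[256];
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    return function_checked(large_string);   /* returns -1 */
}

int main(void) {
    printf("255 x 'A' -> %s\n", check_slide_input() == 0 ? "copied" : "rejected");
    printf("\"hello\"   -> %s\n", function_checked("hello") == 0 ? "copied" : "rejected");
    return 0;
}
```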


Page 7

Yoghurt?

Bootcamping: not as unfriendly as it sounds.

• New hires go sit with other teams when they start.
• Builds inter-team bonds.
• Means you know who to talk to.

Page 8

Pairing

https://www.etsy.com/listing/90804041/birthday-gift-handmade-polymer-clay

Page 9

Culture Club!

“But we’re only small” Then you’re doing this already!

*golf clap*

Page 10

Testing

*taps mic* You can unit test your application and your infrastructure for security!

Wait, someone already gave this talk: http://www.slideshare.net/nickgsuperstar/devopssec-apply-devops-principles-to-security/32

Thanks NickG!

Page 11

Stop saying “No!”

https://www.etsy.com/listing/160452502/say-yes-8x10-typography-inspirational

Page 12

User Experience

• Make security the default.
• Make security easy.
• Cut people a break.

Page 13

Awkward? For an Englishman?

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.15 (Darwin)

jA0EAwMCIYkQUL8A8FxgySXGJ5+z6ixZq7ng0FRKqH3oZH2810f1y2lieP2YjzTSeO1d+msE=9wk/
-----END PGP MESSAGE-----

Page 14

Two fact[eo]rs

Easy security wins: two factor authentication

• Duo - https://www.duosecurity.com/
• Authy - https://www.authy.com/
• Google - http://goo.gl/hvre2D
• YubiKey - https://www.yubico.com/

Page 15

Cut people a break? Yes, a security person just said that!

Giving people a way of going: “Yeah, I will do that thing, but I need to do my work first.”

Page 16

Software updates

Page 17

Phishing

“If you go from being 36% on fire to 27% on fire you're still on fire” - Zane Lackey

Page 18

I’d buy that for a dollar!

Given the choice between

and

http://codeascraft.com/2013/08/09/mobile-device-lab/

Page 19

Openness

• Invite anyone and everyone to your security postmortem. (in your company)
• Let anyone come to your internal security reviews/post-pen-test.
• Remove names, as it’s not about who, it’s about how.

Page 20

Fin (also, we are hiring...)