Our aim is to develop security practices, tools and techniques that make information security business-as-usual for all agile organisations.
We contribute to these communities by presenting at conferences, meetups and user group events. If you're interested in having us at your event please get in touch.
So your organisation is migrating away from dedicated infrastructure to a containerised approach? In this session we will explore the security considerations involved in such a migration and outline approaches, tools and guidelines to make this transition (and your data) as safe and secure as possible.
Microservices are big business! Moving away from complex monolithic architectures has a range of well documented benefits to both developers and the business at large.
In this session we take a look at securing microservice architectures and discuss tools, techniques and considerations to achieve this.
You already know that diverse perspectives and problem solving approaches result in increased innovation, better products and services and a better bottom line.
Be inspired to encourage and welcome the next generation of girls and supportive boys into technology.
Find motivation and advice to change the small things for one of the industry’s minorities and be at the crux of this pivotal movement.
Your family, spouses, friends and colleagues will be proud of your support and leadership.
Agile development is a powerful tool for the creation of high-quality software products. It has however scared the life out of many security managers and risk leaders. Once the job of a dedicated security team, security is now the responsibility of all members of our Agile teams.
So how do we bring continuous security to our lifecycles without compromising velocity and innovation? What tools and techniques do we need and when should we apply them?
In this talk, we will examine why security is the new key skill for successful Agile development teams and what you can do to bring it to your teams.
It will not be a surprise to you that of all the elements within our organisations and systems, the people are most likely to expose us to risk. In short, we are a mess of emotional unpredictability that threatens us all (and security professionals are the worst of the bunch).
Many very clever people have spent a long time teaching us this. This is not news.
So if this is the case, why in 20 years of modern information security have we done so little to actively protect them?
Technical vulnerability scanning is now mature and commoditised, allowing us to repeatably test and adapt our systems in the face of a changing threat landscape. The time has come to apply the same logic to our people, actively understand human connectivity and behaviours when faced with threat and understand the effect of this behaviour with our organisations.
This talk will discuss why this is a difficult challenge and introduce AVA, the first automated human vulnerability scanner that allows us to map the connectivity of our people, test them with a range of security threats and measure their behaviour. A tool built to make human security risk (and the effectiveness of our countermeasures and training) measurable.
Let's change the way we approach human security risk. Let's protect our people.
I am a strange sort of software developer.
I write tools that help people stay safe in our interconnected world. I do so because I believe that the internet is a wonderful thing and we all deserve to get the most out of it without risk of attack or vulnerability.
The trouble is that to do this I have to do bad things.
I write systems that attack people – electronically. Tools that intentionally try to trick and deceive actual real people and organisations. Tools that emulate some of the darkest most deplorable behaviours in the online world.
My tool, AVA, is an automated human vulnerability scanner. It creates a repeatable and scalable way to simulate a human security attack, so that we can learn how our people react and measure the risk we face.
While these tools are written with noble intention, they are without a doubt weaponisable. For every good-natured defender in the world using them, there are a dozen potential attackers that could benefit from the same toolkit (albeit with a few tweaks).
This is the story of what happens when you open source a tool like this… a tool that could be a weapon in the wrong hands.
This is the true story of the challenges I faced legally, ethically, and technically in making this decision.
This is the story about what happened next and what I learned, of people, vulnerability, and the importance of open source culture in security.
We build amazing applications, wondrous contraptions that are helping people to solve problems and MAKE THINGS BETTER. We are doing this at a record pace, with new code pushed to production servers frequently and by many individual developers. And we are doing this on the Internet, an evil place filled with terrible people who want to do our beautiful code creations harm?
Oh dear, so what now?
Buy a CYBER device or six? Hire a specialist team of ex-hackers? Purchase insurance?
Lol. Let’s face it; this approach hasn’t worked for the last 20 years. Let’s stop wasting time and money and start surviving.
Based on a career working with some of the most dynamic and fast moving organizations we could find, let us show you how to throw out the security rule book and bring continuous, survival focused security to your world (no matter how big or small that world is).
It will not be a surprise to you that out of all the elements within our organisations and systems, people are most likely to expose us to risk.
Technical vulnerability scanning is now mature and commoditised, allowing us to repeatably test and adapt our systems in the face of a changing threat landscape.
The time has come to apply the same logic to our people, actively understand human connectivity and behaviours when faced with threat and understand the effect of this behaviour with our organisations.
This talk will discuss why this is a difficult challenge and introduce AVA, the first automated human vulnerability scanner that allows us to map the connectivity of our people, test them with a range of security threats and measure their behaviour.
BAD PEOPLE want to attack your systems and organizations. They may already have your information and for all we know they are already using your servers to stream movies. Your core application is horribly insecure and you should be DOING STUFF about it. Sound familiar?
Knowing we are at risk is not enough. We must have the skills and knowledge to not just understand security threats but prevent them.
This talk will challenge the way we weave security into our testing, operations, and development workflows and ask everyone, at every level, to take a walk on the darker side of life. Outlining tools, techniques, and workflow strategies to make your organizations and applications safer and more secure, let me teach you how to think like an attacker so we can be more prepared to defend against them.
We now live in a world where we are connected by default. Our systems and people share information in ways we had never considered possible just a few years ago. So how do you make sure that your systems and users are safe and secure when everyone has a supercomputer in their pocket?
Testers are now at the front line of security. No longer the realm of isolated specialists, security testing and design are now key skills required for development teams. In this presentation Laura discusses the challenges faced when making systems secure by design and how to examine and test the risks that both users and systems experience online.
So the internet is an evil place filled with terrible people who want to do you and your beautiful code creations harm?
Oh dear... so what now?
Knowing that you need to care about security is an awesome first step on your adventure but sometimes you need a little extra help knowing what to do about it. Let's go on that adventure together. Let's learn how to change the way we approach software development to bring security in from the beginning. In this talk I will teach you essential skills to develop amazing secure software, without getting in the way of the crazy innovation and creativity that leads to wonderful applications.
Think of this talk as security survival skills for awesome developers - just like you.
Agile development is often seen as a delicate balance of ritual and roles allowing for rapid development, continuous deployment and the expansion of the post-it note industry.
Security is often seen as a lumbering giant of process, governance and technology allowing for increased control, reduced risk and the expansion of the technology vendor industry.
What if you could merge the two? No really! What if these two former polar opposites can be made to play nicely together?
People are a problem. We are tangled balls of emotional detritus that masquerade as trusted members of society. Underneath this lacquered veneer of respectability, however, writhes a tiny pink squishy ball of vulnerability - the root of all evil, well the root of security issues anyway.
I want to show you why we are all our own worst enemies, why we should never ever be trusted and why security people are the worst of them all.
Then, I will cross the creepy line and introduce AVA, the first prototype automated human vulnerability scanner. A tool for automatically mapping networks of people, attacking them and measuring the results. A tool for spotting the weak link in an organisation.
From a young age, we are taught to be good people. Don't touch that! Don't go over there! Be careful, you'll break it! We are taught to anticipate what the behaviour of a tool, system or environment should be and interact with it accordingly.
As developers, we apply these rules and behaviours to our code. Not everyone sees the world like this. Security vulnerability often stems from people ignoring the expected behaviour, challenging the edge cases and constantly asking 'what if I press this?' Are we limiting ourselves by being 'good developers'? Can we undo years of education and throw away the rule book? Will that make us bad people or better developers?
Plain English, action-oriented security alerts for the technologies you are actually using. View Dfend
AVA is a next-generation vulnerability scanner designed to make human security testing repeatable, measurable, and empowering. See how people really connect and communicate across a range of networks, technologies and channels and safely explore the flow of information in and out of your organisation. View AVA Secure