Security by default - Building continuous cyber-resilience
(slide deck, 32 slides)
Security by default -
is it possible?
Are we on the edge of the abyss
Today
● Why?
● Resilience
● Building Blocks
● Future
“Cyber resilience refers to an
entity's ability to continuously deliver
the intended outcome despite
adverse cyber events.”
Source: https://norse-corp.com/map/
Traditional Software Security
● Risk analysis
● Give security requirements
● Set infrastructure standards
● Define compliance & policies
A lot of changes
Who is taking care of security?
“We need a cybersecurity renaissance in
this country that promotes cyber hygiene
and a security centric corporate culture
applied and continuously reinforced by
peer pressure”
- James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology
● Direct and Indirect attacks
● Privacy vs Transparency
● How do you control social media?
○ Hint: Consider carefully
● Did you find GDPR difficult?
○ Or are you just hoping no-one looks
● Someone or something intelligent is out there
Here’s looking at you…!
Resilience during
exponential change
Figure: 40 years of processor performance
Source: John Hennessey and David Patterson, Computer Architecture A Quantitative Approach, 2018
What is resilience
Cyber resilience starts from recognising that attackers hold the
advantage: innovative tools, the element of surprise and their choice
of target, so some attempts will succeed. The concept covers preparing
for, preventing, responding to and recovering from an attack back to
the intended secure state. It is a cultural shift: the organisation
treats security as a full-time job and embeds security best practice
in day-to-day operations. Compared with cyber security alone, cyber
resilience requires the business to think differently and to be more
agile in handling attacks.
Resilience during
exponential change
CD: Fundamental building block
Deployment pipeline (figure, flattened here):
● Commit stage: compile, unit test, analysis, build installers
● Automated capacity testing
● Automated acceptance testing
● Manual testing: showcases, exploratory testing
● Release
Build security in: Everyone responsible
● Product Owner
● Experience Designer
● Business Analyst
● Developer
● Tech lead
● Project Manager
● Security Analyst
● Infrastructure Consultant
● QA
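Building security in means the commit stage itself carries security analysis and fails fast, before installers are built. As an added example (not the talk's code or any ThoughtWorks tool), the block below is a minimal commit-stage gate: it scans the lines a diff adds for credential shapes and high-entropy strings and refuses unpinned dependencies. The diff and requirements file are constructed inputs; the patterns and the 4.0 bits-per-character threshold are heuristics chosen here, not a standard.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Credential shapes checked on every added line. The AWS pattern is the
# documented access-key-ID form (AKIA + 16 upper-case alphanumerics); the
# generic pattern catches assignments such as password = "..." in code or config.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_credential": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
# Long runs of key-like characters are judged by entropy instead of shape.
HIGH_ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys score high, identifiers and prose score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_like_placeholder(value: str) -> bool:
    """Template references and dummy values are not secrets."""
    return value.startswith(("${", "{{", "<")) or len(set(value)) == 1


def scan_added_lines(diff_text: str, entropy_threshold: float = 4.0) -> List[Tuple[int, str]]:
    """Findings as (diff line number, rule) for the lines a unified diff adds."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # context lines, removed lines and file headers are not scanned
        content = line[1:]
        matched = False
        for rule, pattern in SECRET_PATTERNS.items():
            m = pattern.search(content)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if looks_like_placeholder(value):
                continue
            findings.append((lineno, rule))
            matched = True
        if not matched:  # no known shape: fall back to the entropy heuristic
            for token in HIGH_ENTROPY_TOKEN.findall(content):
                if shannon_entropy(token) >= entropy_threshold:
                    findings.append((lineno, "high_entropy_string"))
                    break
    return findings


def check_pins(requirements_text: str) -> List[str]:
    """Every dependency must be pinned to an exact version (==); ranges and bare names fail."""
    unpinned = []
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "==" not in line:
            unpinned.append(line)
    return unpinned


def commit_stage_gate(diff_text: str, requirements_text: str) -> Tuple[bool, Dict[str, list]]:
    """The security half of the commit stage: fail the build before anything is packaged."""
    report = {"secrets": scan_added_lines(diff_text), "unpinned": check_pins(requirements_text)}
    return (not report["secrets"] and not report["unpinned"]), report


# Constructed inputs, not taken from any real commit. The AWS value is the
# example key ID that AWS's own documentation uses.
DIFF = """\
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,4 +1,7 @@
 DEBUG = False
-DB_PASSWORD = "old-value"
+DB_PASSWORD = "${DB_PASSWORD}"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+api_key = "k7Qz-9pLm-2vXr-8wTn"
+SIGNING_KEY = "AbCdEfGhIjKlMnOpQrStUvWxYz012345"
"""

REQUIREMENTS = """\
requests==2.31.0
pyyaml>=5.0
cryptography
"""

if __name__ == "__main__":
    passed, report = commit_stage_gate(DIFF, REQUIREMENTS)
    print("commit stage:", "PASS" if passed else "FAIL", report)
```

Run as a script it reports a failed gate with three secret findings (lines 7, 8 and 9 of the diff) and two unpinned dependencies; the removed line and the `${DB_PASSWORD}` template reference are deliberately not flagged. In a real pipeline the same function runs on the pull-request diff and its exit status blocks the merge.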
Risk
“If you know almost nothing, almost
anything will tell you something”
- Douglas W. Hubbard
Risk: Quantify
not Qualify
We need to maintain
the balance of
acceptable risk
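Hubbard's case against qualitative heat maps is that a calibrated annual probability and a 90% confidence interval per scenario, fed through a Monte Carlo simulation, give a loss exceedance curve that can be held against an explicit tolerance. As an added example, not code from the talk, the block below does that with Python's standard library only; the scenario list with its probabilities and loss intervals is constructed for illustration, and fitting a lognormal distribution to the 90% interval is the usual Hubbard-style assumption, not something the slides state.

```python
import math
import random
from dataclasses import dataclass
from typing import List, Sequence, Tuple

Z90 = 1.645  # standard-normal z for the 5th/95th percentiles of a 90% interval


@dataclass
class Scenario:
    """One loss event: calibrated annual probability plus a 90% CI on the loss if it occurs."""
    name: str
    annual_probability: float  # P(event occurs at least once in a year)
    impact_low: float          # 5th percentile of loss given the event, currency units
    impact_high: float         # 95th percentile of loss given the event


def lognormal_params(low: float, high: float) -> Tuple[float, float]:
    """Map a 90% CI [low, high] on a positive loss to lognormal (mu, sigma) (assumed fit)."""
    if not 0 < low <= high:
        raise ValueError("need 0 < low <= high")
    mu = (math.log(low) + math.log(high)) / 2          # log of the geometric midpoint
    sigma = (math.log(high) - math.log(low)) / (2 * Z90)
    return mu, sigma


def simulate_annual_losses(scenarios: Sequence[Scenario], trials: int = 20_000,
                           seed: int = 1) -> List[float]:
    """Monte Carlo: for each simulated year, roll every scenario and sum the losses."""
    rng = random.Random(seed)  # fixed seed so a run is reproducible
    params = [(s.annual_probability, *lognormal_params(s.impact_low, s.impact_high))
              for s in scenarios]
    losses = []
    for _ in range(trials):
        total = 0.0
        for p, mu, sigma in params:
            if rng.random() < p:
                total += rng.lognormvariate(mu, sigma)
        losses.append(total)
    return losses


def expected_annual_loss(losses: Sequence[float]) -> float:
    return sum(losses) / len(losses)


def exceedance_probability(losses: Sequence[float], threshold: float) -> float:
    """P(annual loss > threshold): one point on the loss exceedance curve."""
    return sum(1 for loss in losses if loss > threshold) / len(losses)


def loss_exceedance_curve(losses: Sequence[float],
                          thresholds: Sequence[float]) -> List[Tuple[float, float]]:
    return [(t, exceedance_probability(losses, t)) for t in thresholds]


def within_risk_tolerance(losses: Sequence[float], threshold: float,
                          max_probability: float) -> bool:
    """The 'acceptable risk' test: is P(loss > threshold) no higher than the business accepts?"""
    return exceedance_probability(losses, threshold) <= max_probability


# Constructed scenarios, not figures from the talk.
SCENARIOS = [
    Scenario("ransomware on a business-critical system", 0.05, 200_000, 5_000_000),
    Scenario("credential phishing leading to data exposure", 0.30, 20_000, 800_000),
    Scenario("third-party service outage breaching an SLA", 0.40, 5_000, 150_000),
]

if __name__ == "__main__":
    losses = simulate_annual_losses(SCENARIOS)
    print(f"expected annual loss: {expected_annual_loss(losses):,.0f}")
    for threshold, prob in loss_exceedance_curve(losses, [100_000, 500_000, 1_000_000, 5_000_000]):
        print(f"P(loss > {threshold:>9,}) = {prob:.3f}")
    print("within tolerance (P(loss > 1M) <= 10%)?", within_risk_tolerance(losses, 1_000_000, 0.10))
```

The output that matters is the curve and the tolerance verdict, not the single expected-loss number: two portfolios with the same expected loss can differ sharply in tail probability, which is the quantity a board can actually accept or reject.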
Inherent Risk – Impact Assessment?
● What data is stored or processed by system?
● What is the reason for storing?
● What is the sensitivity?
● What services are provided by the system?
● What is the purpose of those services?
● What is the sensitivity? (Business critical? Safety sensitive?)
● What types of users or third parties interact with the system?
○ What is the purpose of these interactions?
○ What can we say about our trust in these users or third parties?
Source: https://logrhythm.com/blog/what-is-the-zero-trust-model-for-cybersecurity/
Zero Trust Architecture, also referred to as Zero Trust
Network or simply Zero Trust, refers to security concepts
and a threat model that no longer assume that actors,
systems or services operating from within the security
perimeter should be automatically trusted; instead,
anything and everything trying to connect to its systems
must be verified before access is granted.
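To make that definition concrete, the block below contrasts a perimeter check with a per-request Zero Trust decision. It is an added example, not code from the talk or from LogRhythm; the HMAC token format, the device inventory, the resource classification and the policy rules are hypothetical stand-ins for an identity provider, a device-management service and a policy engine.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-ins for an identity provider, a device-management inventory
# and a data classification register. Names and values are hypothetical.
TOKEN_KEY = b"demo-signing-key-not-for-production"

DEVICE_INVENTORY = {
    "laptop-0042": {"managed": True, "disk_encrypted": True, "patched": True},
    "byod-0099": {"managed": False, "disk_encrypted": False, "patched": True},
}

RESOURCE_SENSITIVITY = {"wiki": "low", "payroll-db": "high"}


def issue_token(subject: str, mfa: bool, ttl: int = 300, now: Optional[float] = None) -> str:
    """Mint an HMAC-SHA256 signed bearer token (hypothetical format standing in for an IdP)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "mfa": mfa, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: Optional[str], now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except (AttributeError, ValueError):  # missing or malformed token
        return None
    expected = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now:
        return None
    return claims


@dataclass
class Request:
    token: Optional[str]
    device_id: str
    resource: str
    source_ip: str


def perimeter_authorize(req: Request) -> bool:
    """The model Zero Trust replaces: being on the internal network is the whole check."""
    return req.source_ip.startswith("10.")


def zero_trust_authorize(req: Request, now: Optional[float] = None) -> Tuple[bool, str]:
    """Verify identity, device and context on every request; the source network earns nothing."""
    claims = verify_token(req.token, now)
    if claims is None:
        return False, "no valid identity"
    device = DEVICE_INVENTORY.get(req.device_id)
    if device is None:
        return False, "unknown device"
    # Unknown resources are treated as high sensitivity: fail closed.
    sensitivity = RESOURCE_SENSITIVITY.get(req.resource, "high")
    if sensitivity == "high":
        if not claims["mfa"]:
            return False, "MFA required for high-sensitivity resource"
        if not all(device[k] for k in ("managed", "disk_encrypted", "patched")):
            return False, "device posture insufficient"
    return True, "allowed"
```

The contrast is the point: a request from 10.1.2.3 with no token passes `perimeter_authorize` and is refused by `zero_trust_authorize`, while a properly authenticated request from an external address on a healthy managed device is allowed. Sensitivity-dependent requirements (MFA, device posture) are evaluated per request, so a change in device state or token expiry takes effect immediately rather than at the next VPN login.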
The end of simplicity
How the future is more complex than it might
appear
A complex adaptive system is a system
in which a perfect understanding of the
individual parts does not automatically
convey a perfect understanding of the
whole system's behaviour.
- Miller et al., 2007
Butterfly Effect
Emergence
Adaptation
Source: Hiroki Sayama, D.Sc., Collective Dynamics of Complex Systems (CoCo) Research Group
at Binghamton University, State University of New York
Dave Elliman
Global Head of Technology, ThoughtWorks
Thank you

Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

Security by default - Building continuous cyber-resilience.

  • 1. Security by default - is it possible? Are we on the edge of the abyss
  • 2. Today
      ● Why?
      ● Resilience
      ● Building Blocks
      ● Future
  • 3. “Cyber resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events.”
  • 6. Traditional Software Security
      ● Risk analysis
      ● Give security requirements
      ● Set infrastructure standards
      ● Define compliance & policies
      A lot of changes. Who is taking care of security?
  • 7. “We need a cybersecurity renaissance in this country that promotes cyber hygiene and a security centric corporate culture applied and continuously reinforced by peer pressure” - James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology
  • 8. Here’s looking at you…!
      ● Direct and indirect attacks
      ● Privacy vs transparency
      ● How do you control social media?
          ○ Hint: consider carefully
      ● Did you find GDPR difficult?
          ○ Or are you just hoping no-one looks
      ● Someone or something intelligent is out there
  • 10. 40 years of Processor Performance. Source: John Hennessy and David Patterson, Computer Architecture: A Quantitative Approach, 2018
  • 12. What is resilience? Cyber resilience helps businesses recognize that attackers have the advantage of innovative tools, the element of surprise and choice of target, and can succeed in their attempts. The concept helps a business prepare, prevent, respond and recover to the intended secure state. This is a cultural shift: the organization treats security as a full-time job and embeds security best practices in day-to-day operations. Compared with cyber security, cyber resilience requires the business to think differently and be more agile in handling attacks.
  • 14. CD: Fundamental building block. Commit Stage (Compile, Unit Test, Analysis, Build Installers) → Automated Capacity Testing → Automated Acceptance Testing → Manual Testing (Showcases, Exploratory Testing) → Release
  • 16. Build security in: everyone responsible
      ● Product Owner
      ● Experience Designer
      ● Business Analyst
      ● Developer
      ● Tech Lead
      ● Project Manager
      ● Security Analyst
      ● Infrastructure Consultant
      ● QA
  • 18. Risk
  • 19. “If you know almost nothing, almost anything will tell you something” - Douglas W. Hubbard
  • 21. We need to maintain the balance of acceptable risk
  • 22. Inherent Risk – Impact Assessment?
      ● What data is stored or processed by the system?
      ● What is the reason for storing it?
      ● What is its sensitivity?
      ● What services are provided by the system?
      ● What is the purpose of those services?
      ● What is their sensitivity? (Business critical? Safety sensitive?)
      ● What types of users or third parties interact with the system?
          ○ What is the purpose of these interactions?
          ○ What can we say about our trust in these users or third parties?
  • 24. Zero Trust Architecture, also referred to as Zero Trust Network or simply Zero Trust, refers to security concepts and a threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead verify anything and everything trying to connect to its systems before granting access.
  • 25. The end of simplicity: how the future is more complex than it might appear
  • 26. A complex adaptive system is a system in which a perfect understanding of the individual parts does not automatically convey a perfect understanding of the whole system's behaviour. - Miller et al., 2007
  • 29. Adaption. Source: Hiroki Sayama, D.Sc., Collective Dynamics of Complex Systems (CoCo) Research Group at Binghamton University, State University of New York
  • 32. Dave Elliman, Global Head of Technology, ThoughtWorks. Thank you
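The Zero Trust definition on slide 24 is the one building block in this deck that translates directly into code: no request is trusted because of where it came from, and every request is verified before access is granted. The following is an added example, not code from the talk or from ThoughtWorks. It evaluates the same constructed access requests under a perimeter model (trust anything on the internal network) and under a zero-trust policy that checks identity, device posture and a least-privilege policy on every request and never consults network location. The signing key, token format, policy table, role mapping, IP ranges and sample requests are all constructed for the example.

```python
"""Perimeter trust versus Zero Trust access decisions (constructed example)."""
from dataclasses import dataclass
from typing import Optional, Tuple
import hashlib
import hmac
import ipaddress

NOW = 1_700_000_000  # fixed "current time" so results are deterministic

# Networks the perimeter model trusts (constructed RFC 1918 ranges).
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]

SIGNING_KEY = b"constructed-demo-signing-key"  # stand-in for an IdP's key

# Least-privilege policy per resource (constructed). Unknown resources are
# denied by default; "mfa" marks resources that need step-up authentication.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "actions": {"read", "write"}, "mfa": True},
    "wiki": {"roles": {"finance", "engineering"}, "actions": {"read"}, "mfa": False},
}
USER_ROLES = {"alice": {"finance"}, "bob": {"engineering"}}


@dataclass(frozen=True)
class Request:
    source_ip: str
    resource: str
    action: str
    user: Optional[str] = None
    token: Optional[str] = None      # HMAC over "user|expiry", see issue_token()
    token_expiry: int = 0            # Unix time after which the token is invalid
    device_compliant: bool = False   # posture as attested by an endpoint agent
    mfa_completed: bool = False      # step-up authentication done this session


def issue_token(user: str, expiry: int) -> str:
    """Mint a constructed bearer token binding a user to an expiry time."""
    return hmac.new(SIGNING_KEY, f"{user}|{expiry}".encode(),
                    hashlib.sha256).hexdigest()


def verify_token(req: Request, now: int) -> bool:
    """Accept only an unexpired token whose MAC matches (constant-time compare)."""
    if req.user is None or req.token is None or req.token_expiry <= now:
        return False
    return hmac.compare_digest(issue_token(req.user, req.token_expiry), req.token)


def perimeter_decision(req: Request) -> bool:
    """Traditional model: trust is a property of the network the request came from."""
    ip = ipaddress.ip_address(req.source_ip)
    return any(ip in net for net in INTERNAL_NETWORKS)


def zero_trust_decision(req: Request, now: int = NOW) -> Tuple[bool, str]:
    """Zero Trust model: verify identity, device and policy on every request.

    Network location is deliberately never consulted. Returns (allowed, reason)
    so that every denial is explainable in an audit log.
    """
    if not verify_token(req, now):
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device posture not compliant"
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource: deny by default"
    if req.action not in rule["actions"]:
        return False, f"action {req.action!r} not permitted on {req.resource}"
    if not (USER_ROLES.get(req.user, set()) & rule["roles"]):
        return False, "user holds no role granted access"
    if rule["mfa"] and not req.mfa_completed:
        return False, "MFA required for this resource"
    return True, "verified identity, device and policy"


def sample_requests():
    """Three constructed requests on which the two models disagree or agree."""
    alice_token = issue_token("alice", NOW + 3600)
    bob_token = issue_token("bob", NOW + 3600)
    return {
        # Unauthenticated process on an internal address (e.g. malware on a
        # compromised workstation): perimeter allows, Zero Trust denies.
        "internal-unauthenticated": Request("10.1.2.3", "payroll-db", "read"),
        # Finance user working remotely with a valid token, compliant device
        # and MFA: perimeter denies, Zero Trust allows.
        "remote-verified": Request("203.0.113.7", "payroll-db", "read", "alice",
                                   alice_token, NOW + 3600, True, True),
        # Authenticated engineer inside the network attempting a write the
        # policy does not grant: identity passes, least privilege does not.
        "internal-overreach": Request("192.168.5.9", "wiki", "write", "bob",
                                      bob_token, NOW + 3600, True, True),
    }


if __name__ == "__main__":
    for name, req in sample_requests().items():
        allowed, reason = zero_trust_decision(req)
        print(f"{name:24} perimeter={perimeter_decision(req)!s:5} "
              f"zero_trust={allowed!s:5} ({reason})")
```

The decision function returns a reason with every denial; in a real deployment that string is what lands in the access log, which is where the "prepare, respond and recover" half of resilience on slide 12 is actually exercised.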