55. Vectors (by Elon Musk)
https://thinkgrowth.org/what-elon-musk-taught-me-about-growing-a-business-c2c173f5bff3
“Every person in your company is a vector. Your progress is determined by the sum of all vectors.” — Elon Musk
98. Security organisation as a graph
Each Pillar is mapped to a Capability
Each Capability is mapped to a Programme
Each Programme is mapped to a Project
106. A Company as a graph
• Everybody is connected to everybody
• Interconnections are fundamental for effectiveness and scalability
• The Group Security (GS) team is one of the nodes in the interconnected entities
114. JIRA for Ops Teams
• How do you know your team is working?
• When you see initiative being taken
• Without your direct involvement
• When tasks are visible to everyone on the team – such as in JIRA
• Do you use JIRA?
• For those who don’t, how do you keep track of tasks?
• A task is a fresh idea
• If you don’t capture or hyperlink it, you will lose it
122. Graphs require human maintenance (JIRA for Ops Teams)
• How many team members do you have to monitor and drive Jira task boards?
• A lean operations team is
• Focussed on maintaining the JIRA graph
• Ensures the graph functions, and grows
• Contributes to the achievement of business goals
• Your Ops team should have a budget to spend on resources to ensure they learn, grow in, master, and ultimately redefine their roles
• This requires trust, but if you can’t trust your team, you have problems
• Question: ‘Who is empowered to spend up to £1000 (now)?’
130. How to Break a Graph
• Hyperlinking makes and maintains connections
• Always OpenSource information
• Expand the network, let others develop your information or ideas in new ways
• Unbroken graphs can expand independently and dynamically
• Avatao Open Source case study
• Hackathons for developers
• Open source engine:
• https://github.com/avatao-content/challenge-toolbox
136. Graphs and DevOps
• Continuous Integration (CI) produces graphs; however, we don’t test CI
• In DevOps, the production pipeline is pushed faster and faster, creating problems further along the way
• We need to think of the CI pipeline as a graph
• Write rules (i.e. tests) to validate our expectations
• We need Static analysis technology !!!!!! (SAST for CI)
• This will allow us to understand how the pipeline behaves and interconnects
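An added example, not from the original slides, of treating a CI pipeline as a graph and writing rules against it. The job names, the `needs` dependency format and the three rules are assumptions chosen for illustration.

```python
# Added example. Constructed pipeline: job -> jobs it needs (names hypothetical).
PIPELINE = {
    "checkout": [],
    "build": ["checkout"],
    "unit-tests": ["build"],
    "sast": ["build"],
    "package": ["unit-tests", "sast"],
    "deploy-prod": ["package"],
}

def ancestors(pipeline, job):
    """Every job that must finish before `job` can start (transitive needs)."""
    seen, stack = set(), list(pipeline[job])
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(pipeline[cur])
    return seen

def check_pipeline(pipeline, gates, protected):
    """Return a list of rule violations; an empty list means the graph passes."""
    problems = []
    # Rule 1: every dependency must name a job that exists.
    for job, needs in pipeline.items():
        for dep in needs:
            if dep not in pipeline:
                problems.append(f"{job}: needs unknown job {dep}")
    if problems:
        return problems  # later rules assume a well-formed graph
    # Rule 2: no cycles; a job must never be its own ancestor.
    for job in pipeline:
        if job in ancestors(pipeline, job):
            problems.append(f"{job}: dependency cycle")
    # Rule 3: every gate must sit upstream of each protected job.
    for job in protected:
        if job not in pipeline:
            problems.append(f"{job}: protected job not defined")
            continue
        for gate in sorted(set(gates) - ancestors(pipeline, job)):
            problems.append(f"{job}: can run without {gate}")
    return problems

if __name__ == "__main__":
    print(check_pipeline(PIPELINE, ["sast", "unit-tests"], ["deploy-prod"]))
```

Run as a pre-merge check on the pipeline definition, a rule like the third one flags a change that drops the security scan from the path to production before the pipeline ever executes.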
146. Recruiting as a graph (for recruiters and candidates)
• You need to find matches (roles to candidates) by mapping their skills, talent, and experience in a graph
• What we want to see from candidates is their:
• GitHub, Twitter, and blogging activities,
• Contributions at conferences
• Open Source collaborations
• The good candidates will behave as if they are already working for the company
• hack it (i.e. find vulns and report them)
• collaborate with the company’s teams
• Add value (somewhere)
• We want to see if they can “think in graphs”
166. Final Thoughts
• The security industry/community needs to work collaboratively to keep up with all that is required to protect our industry
• As cyber-criminals refine their business model and act more like corporate entities
• This is not going to get easier
• Everyone has a role to play
• Sec industry needs to think of itself as a graph
• We need to leverage connections, data, knowledge, and experience
• OWASP CDC (Collective Defence Cluster) is a good example of this