Join the conversation #DevSecCon
BY DINIS CRUZ, CISO, PHOTOBOX GROUP
Creating a Graph-based Security Organisation
This is a presentation about Graphs
Why Graphs?
Graphs are a better framework to look at the problem
Refactor the problem until the solution is easy
What is a graph?
Graphs in Security
Threat Models are Graphs
Some of the biggest tech companies are graph companies
Ideas are Graphs
Jira Workflows are Graphs
Source code … are graphs too
Git is a graph
TensorFlow
Hyperlinks are Graphs (i.e. the web)
Neo4J
Cypher (Neo4j query language)
Graph Books & Thinking in graphs
Vectors (by Elon Musk)
https://thinkgrowth.org/what-elon-musk-taught-me-about-growing-a-business-c2c173f5bff3
“Every person in your company is a vector. Your progress is determined by the sum of all vectors.” — Elon Musk
Align Vectors
TeamMentor Graph
TeamMentor example
TeamMentor Graphs
Filter Graph to understand/design it
LevelGraph (based on LevelDB)
vis.js
http://visjs.org/examples/network/exampleApplications/worldCupPerformance.html
Jira and Confluence
We use Jira as a Graph Database
• Global Key
• Labels
• Extra Attributes
• Workflows
• Assignments
• TimeStamps
• Linked to Epic
Epic captures all risks and tasks
Confluence page captures facts
Hyperlinked risks
We use Confluence to view the data
How we handle incidents/events
Task Response is used to capture result
Security organisation as a graph
Each Pillar is mapped to a Capability
Each Capability is mapped to a Programme
Each Programme is mapped to a Project
Group Security Projects as Jira Issues
Using an open-sourced API to filter JIRA data (please contribute)
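A worked example of the model described above: Jira-style issues as graph nodes (global key, label, links), the Pillar → Capability → Programme → Project chain, and risks and tasks captured in an Epic, with rules that validate the graph the way the talk suggests. This is added code, not the talk's own tooling or the open-sourced Jira API it mentions; the issue keys, labels and link names are constructed for illustration.

```python
"""Security organisation as a graph of Jira-style issues, plus validation rules.

Added example, not from the talk. Issue keys ("GS-1" ...), link names and the
deliberate defects below are constructed; the node types and the
Pillar -> Capability -> Programme -> Project chain follow the slides.
"""

# Each issue: a global key, a label (its node type) and its outgoing hyperlinks.
# "maps_to" carries the Pillar -> Capability -> Programme -> Project chain;
# "epic" is the Linked-to-Epic field (an Epic captures all risks and tasks).
ISSUES = {
    "GS-1":  {"label": "Pillar",     "links": {}},
    "GS-2":  {"label": "Capability", "links": {"maps_to": "GS-1"}},
    "GS-3":  {"label": "Programme",  "links": {"maps_to": "GS-2"}},
    "GS-4":  {"label": "Project",    "links": {"maps_to": "GS-3"}},
    "GS-5":  {"label": "Project",    "links": {}},                 # orphan: chain is broken
    "GS-10": {"label": "Epic",       "links": {"project": "GS-4"}},
    "GS-11": {"label": "Risk",       "links": {"epic": "GS-10"}},
    "GS-12": {"label": "Risk",       "links": {}},                 # risk not captured in an Epic
    "GS-13": {"label": "Task",       "links": {"epic": "GS-99"}},  # hyperlink to a missing issue
}

# The chain every Project is expected to walk up, bottom to top.
CHAIN = ["Project", "Programme", "Capability", "Pillar"]


def walk_chain(issues, key):
    """Follow maps_to links upward and return the labels visited (cycle-safe)."""
    seen, labels = set(), []
    while key in issues and key not in seen:
        seen.add(key)
        labels.append(issues[key]["label"])
        key = issues[key]["links"].get("maps_to")
    return labels


def check_graph(issues):
    """Apply the 'rules to validate our expectations' to the issue graph.

    Returns a list of (issue_key, rule, detail) findings; an empty list means
    the graph matches the model.
    """
    findings = []
    for key, issue in issues.items():
        label, links = issue["label"], issue["links"]

        # Rule 1: every hyperlink must resolve to an existing issue
        # ("if you don't capture or hyperlink it, you will lose it").
        for link_name, target in links.items():
            if target not in issues:
                findings.append((key, "dangling-link", f"{link_name} -> {target}"))

        # Rule 2: every Project must map up through Programme and Capability to a Pillar.
        if label == "Project":
            chain = walk_chain(issues, key)
            if chain != CHAIN:
                findings.append((key, "broken-chain", " -> ".join(chain)))

        # Rule 3: every Risk and Task must be captured in an Epic.
        if label in ("Risk", "Task"):
            epic = links.get("epic")
            if issues.get(epic, {}).get("label") != "Epic":
                findings.append((key, "not-in-epic", f"epic={epic}"))
    return findings


def filter_by_label(issues, label):
    """The kind of filter the talk's Jira API exposes: all issues of one node type."""
    return sorted(k for k, v in issues.items() if v["label"] == label)


if __name__ == "__main__":
    for finding in check_graph(ISSUES):
        print(*finding)
```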
A Company as a graph
• Everybody is connected to everybody
• Interconnections are fundamental for effectiveness and scalability
• The Group Security (GS) team is one of the nodes in the interconnected entities
JIRA for Ops Teams
• How do you know your team is working?
• When you see initiative being taken
• Without your direct involvement
• When tasks are visible to everyone on the team – such as in JIRA
• Do you use JIRA?
• For those who don’t, how do you keep track of tasks?
• A task is a fresh idea
• If you don’t capture or hyperlink it, you will lose it
Graphs require human maintenance (JIRA for Ops Teams)
• How many team members do you have to monitor and drive Jira task boards?
• A lean operations team is:
  • Focussed on maintaining the JIRA graph
  • Ensures the graph functions and grows
  • Contributes to the achievement of business goals
• Your Ops team should have a budget to spend on resources to ensure they learn, grow in, master, and ultimately redefine their roles
• This requires trust, but if you can’t trust your team, you have problems
• Question: ‘Who is empowered to spend up to £1000 (now)?’
How to Break a Graph
• Hyperlinking makes and maintains connections
• Always open-source information
• Expand the network, let others develop your information or ideas in new ways
• Unbroken graphs can expand independently and dynamically
• Avatao Open Source case study
  • Hackathons for developers
  • Open source engine: https://github.com/avatao-content/challenge-toolbox
Graphs and DevOps
• Continuous Integration (CI) produces graphs, however we don’t test CI
• In DevOps, the production pipeline is pushed faster and faster, creating problems further along the way
• We need to think of the CI pipeline as a graph
• Write rules (i.e. tests) to validate our expectations
• We need static analysis technology! (SAST for CI)
• This will allow us to understand how the pipeline behaves and interconnects
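The CI-pipeline-as-a-graph idea above, carried through as added code (not from the talk or any particular CI product): a constructed pipeline in a GitHub-Actions-style `needs` form, and three rules (tests) over the graph that catch a security gate which is not actually required before production, a dependency on a stage that was never defined, and a cycle that can never start. Stage names and the deliberate misconfigurations are assumptions for illustration.

```python
"""A CI pipeline as a graph, with rules (tests) that validate expectations.

Added example, not from the talk. The pipeline is constructed: each stage lists
the stages it needs, and a stage runs only after every stage it needs has
finished (edges point upstream). Two defects are planted so the rules fire.
"""

# Constructed pipeline: stage -> stages it needs.
PIPELINE = {
    "commit": [],
    "build": ["commit"],
    "unit-tests": ["build"],
    "sast": ["build"],
    "deploy-staging": ["unit-tests", "sast", "secrets-scan"],  # secrets-scan is never defined
    "integration-tests": ["deploy-staging"],
    "deploy-prod": ["deploy-staging"],  # runs whether or not integration-tests ran
}

# Expectation: these stages must have completed before anything reaches production.
GATES = ["sast", "integration-tests"]


def ancestors(pipeline, stage):
    """Transitive closure of `needs`: every stage that must finish before `stage`."""
    seen, stack = set(), list(pipeline.get(stage, []))
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(pipeline.get(s, []))
    return seen


def missing_gates(pipeline, target, gates):
    """Rule 1: gates that are not (transitively) required before `target` runs."""
    return sorted(set(gates) - ancestors(pipeline, target))


def undeclared_needs(pipeline):
    """Rule 2: stages referenced in `needs` but never defined (dangling edges)."""
    return sorted({d for deps in pipeline.values() for d in deps} - set(pipeline))


def has_cycle(pipeline):
    """Rule 3: a cycle in the needs-graph means some stage can never start."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {s: WHITE for s in pipeline}

    def visit(s):
        colour[s] = GREY  # on the current DFS path
        for dep in pipeline.get(s, []):
            c = colour.get(dep, WHITE)
            if c == GREY or (c == WHITE and visit(dep)):
                return True
        colour[s] = BLACK  # fully explored, no cycle through here
        return False

    return any(colour[s] == WHITE and visit(s) for s in pipeline)


def validate(pipeline, target, gates):
    """Run all rules and return a dict of findings (empty values mean the rule passed)."""
    return {
        "missing_gates": missing_gates(pipeline, target, gates),
        "undeclared_needs": undeclared_needs(pipeline),
        "has_cycle": has_cycle(pipeline),
    }


if __name__ == "__main__":
    for rule, result in validate(PIPELINE, "deploy-prod", GATES).items():
        print(rule, result)
```

Making `deploy-prod` need `integration-tests` as well clears the first finding; the dangling `secrets-scan` dependency has to be defined or removed.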
Recruiting as a graph (for recruiters and candidates)
• You need to find matches (roles to candidates) by mapping their skills, talent, and experience in a graph
• What we want to see from candidates is their:
  • GitHub, Twitter, and blogging activities
  • Contributions at conferences
  • Open Source collaborations
• The good candidates will behave as if they are already working for the company:
  • hack it (i.e. find vulns and report them)
  • collaborate with the company’s teams
  • add value (somewhere)
• We want to see if they can “think in graphs”
Turning the problem into the Solution
Each square represents a time period
Chiswick Timeline
https://www.youtube.com/watch?v=RlyPSY0KS2k
We (in this room) are the crazy ones
We are the ones that believe we can change the world
Next Summit
2018, June
Will you be there?
Final Thoughts
• The security industry/community needs to work collaboratively to keep up with all that is required to protect our industry
• As cyber-criminals refine their business model and act more like corporate entities, this is not going to get easier
• Everyone has a role to play
• The security industry needs to think of itself as a graph
• We need to leverage connections, data, knowledge, and experience
• OWASP CDC (Collective Defence Cluster) is a good example of this
Join the conversation #DevSecCon
Thanks for listening
@DinisCruz

Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

Creating a Graph Based Security Organisation - DevSecCon Keynote

  • 1. Join the conversation #DevSecCon. By Dinis Cruz, CISO, Photobox Group. Creating a Graph-based Security Organisation
  • 2. This is a presentation about Graphs
  • 4. Graphs are a better framework to look at the problem
  • 5. Refactor the problem until the solution is easy
  • 6-11. What is a graph?
  • 18-20. Some of the biggest tech companies are graph companies
  • 33-35. Git is a graph
  • 39-41. Hyperlinks are Graphs (i.e. the web)
  • 42-46. Neo4J
  • 47-49. Cypher (Neo4j query language)
  • 50-52. Graph Books & Thinking in graphs
  • 54-55. Vectors (by Elon Musk) https://thinkgrowth.org/what-elon-musk-taught-me-about-growing-a-business-c2c173f5bff3 “Every person in your company is a vector. Your progress is determined by the sum of all vectors.” — Elon Musk
  • 65-67. Filter Graph to understand/design it
  • 76-83. We use Jira as a Graph Database
    • Global Key
    • Labels
    • Extra Attributes
    • Workflows
    • Assignments
    • TimeStamps
    • Linked to Epic
  • 84-85. Epic captures all risks and tasks
  • 89. We use Confluence to view the data
  • 90. How we handle incidents/events
  • 93. Task Response is used to capture result
  • 95-98. Security organisation as a graph
    • Each Pillar is mapped to a Capability
    • Each Capability is mapped to a Programme
    • Each Programme is mapped to a Project
  • 99-101. Group Security Projects as Jira Issues
  • 103. Using an open-sourced API to filter JIRA data (please contribute)
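As an added example (not code from the slides, and not the OSBot/Jira tooling the talk refers to), here is a small Python model of the pattern on slides 76-103: Jira issues become nodes, issue links and the Epic Link become edges, the Pillar/Capability/Programme/Project chain is a walk along one link type, and "filtering the graph" is a filter over nodes by type or label. The sample issues are constructed by hand in the shape of Jira's REST issue JSON (`key`, `fields.summary`, `fields.labels`, `fields.issuelinks` with `outwardIssue`/`inwardIssue`). The Epic Link custom-field id (`customfield_10014`) and the "Maps to" link-type name are assumptions; both differ per Jira instance.

```python
from collections import defaultdict, deque

# Assumptions: the Epic Link custom-field id and the link-type name differ per Jira instance.
EPIC_LINK_FIELD = "customfield_10014"
MAPS_TO = "Maps to"


def issue(key, summary, issue_type, labels=(), maps_to=(), epic=None):
    """Build one constructed issue in the shape Jira's REST API returns."""
    fields = {
        "summary": summary,
        "issuetype": {"name": issue_type},
        "labels": list(labels),
        "issuelinks": [{"type": {"name": MAPS_TO}, "outwardIssue": {"key": k}} for k in maps_to],
        EPIC_LINK_FIELD: epic,
    }
    return {"key": key, "fields": fields}


# Constructed sample data: one pillar of a security organisation plus one risk epic.
SAMPLE_ISSUES = [
    issue("GS-1", "AppSec", "Pillar", ["pillar"], maps_to=["GS-2", "GS-6"]),
    issue("GS-2", "Static analysis", "Capability", ["appsec"], maps_to=["GS-3"]),
    issue("GS-3", "SAST rollout", "Programme", ["appsec"], maps_to=["GS-4", "GS-5"]),
    issue("GS-4", "Wire scanner into CI", "Project", ["appsec", "ci"]),
    issue("GS-5", "Triage training for devs", "Project", ["appsec"]),
    issue("GS-6", "Dependency management", "Capability", ["supply-chain"], maps_to=["GS-7"]),
    issue("GS-7", "SCA rollout", "Programme", ["supply-chain"], maps_to=["GS-8"]),
    issue("GS-8", "Inventory third-party libraries", "Project", ["supply-chain"]),
    issue("GS-20", "Risks: payments service", "Epic", ["risk-theme"]),
    issue("RISK-1", "Outdated TLS library", "Risk", ["supply-chain"], epic="GS-20"),
    issue("RISK-2", "No SAST on payments repo", "Risk", ["appsec"], epic="GS-20"),
    issue("TASK-1", "Upgrade TLS library", "Task", ["supply-chain"], epic="GS-20"),
]


def build_graph(issues):
    """Return (nodes, edges): nodes[key] -> attributes, edges[key] -> {(relation, other_key)}."""
    nodes, edges = {}, defaultdict(set)
    for item in issues:
        key, f = item["key"], item["fields"]
        nodes[key] = {"summary": f["summary"], "type": f["issuetype"]["name"], "labels": set(f["labels"])}
        for link in f.get("issuelinks", []):
            rel = link["type"]["name"]
            if "outwardIssue" in link:      # this issue -> other issue
                edges[key].add((rel, link["outwardIssue"]["key"]))
            if "inwardIssue" in link:       # other issue -> this issue (Jira lists a link on both ends)
                edges[link["inwardIssue"]["key"]].add((rel, key))
        epic = f.get(EPIC_LINK_FIELD)
        if epic:                            # the Epic Link becomes an edge in both directions
            edges[epic].add(("contains", key))
            edges[key].add(("in epic", epic))
    return nodes, edges


def reachable(edges, start, relation=None):
    """Breadth-first walk from start, optionally only along edges of one relation type."""
    seen, queue = set(), deque([start])
    while queue:
        cur = queue.popleft()
        for rel, nxt in edges.get(cur, ()):
            if (relation is None or rel == relation) and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def filter_nodes(nodes, keys=None, issue_type=None, label=None):
    """Filter a view of the graph by key set, issue type and/or label (what a JQL filter does)."""
    out = []
    for key, attrs in nodes.items():
        if keys is not None and key not in keys:
            continue
        if issue_type and attrs["type"] != issue_type:
            continue
        if label and label not in attrs["labels"]:
            continue
        out.append(key)
    return sorted(out)


def pillar_to_projects(nodes, edges, pillar_key):
    """Follow the Pillar -> Capability -> Programme -> Project chain from one pillar."""
    return filter_nodes(nodes, keys=reachable(edges, pillar_key, MAPS_TO), issue_type="Project")


def epic_contents(nodes, edges, epic_key):
    """Everything an epic captures, grouped by issue type (risks, tasks, ...)."""
    grouped = defaultdict(list)
    for rel, child in sorted(edges.get(epic_key, ())):
        if rel == "contains":
            grouped[nodes[child]["type"]].append(child)
    return dict(grouped)


if __name__ == "__main__":
    nodes, edges = build_graph(SAMPLE_ISSUES)
    print("Projects under AppSec:", pillar_to_projects(nodes, edges, "GS-1"))
    print("Supply-chain work:", filter_nodes(nodes, label="supply-chain"))
    print("Epic GS-20 captures:", epic_contents(nodes, edges, "GS-20"))
```

Against a real instance the `SAMPLE_ISSUES` list is what a paginated `GET /rest/api/2/search` would return for a JQL query; the rest of the code does not care where the JSON came from, which is the point of treating Jira as the graph store and keeping the queries outside it.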
  • 104-106. A Company as a graph
    • Everybody is connected to everybody
    • Interconnections are fundamental for effectiveness and scalability
    • The Group Security (GS) team is one of the nodes in the interconnected entities
  • 107-114. JIRA for Ops Teams
    • How do you know your team is working?
      • When you see initiative being taken
      • Without your direct involvement
      • When tasks are visible to everyone on the team, such as in JIRA
    • Do you use JIRA?
      • For those who don’t, how do you keep track of tasks?
    • A task is a fresh idea
      • If you don’t capture or hyperlink it, you will lose it
  • 115-122. Graphs require human maintenance (JIRA for Ops Teams)
    • How many team members do you have to monitor and drive Jira task boards?
    • A lean operations team is:
      • Focussed on maintaining the JIRA graph
      • Ensures the graph functions, and grows
      • Contributes to the achievement of business goals
    • Your Ops team should have a budget to spend on resources to ensure they learn, grow in, master, and ultimately redefine their roles
    • This requires trust, but if you can’t trust your team, you have problems
    • Question: ‘Who is empowered to spend up to £1000 (now)?’
  • 123-130. How to Break a Graph
    • Hyperlinking makes and maintains connections
    • Always OpenSource information
    • Expand the network, let others develop your information or ideas in new ways
    • Unbroken graphs can expand independently and dynamically
    • Avatao Open Source case study
      • Hackathons for developers
      • Open source engine: https://github.com/avatao-content/challenge-toolbox
  • 131-136. Graphs and DevOps
    • Continuous Integration (CI) produces graphs, however we don’t test CI
    • In DevOps, the production pipeline is pushed faster and faster, creating problems further along the way
    • We need to think of the CI pipeline as a graph
    • Write rules (i.e. tests) to validate our expectations
    • We need static analysis technology for CI (SAST for CI)
    • This will allow us to understand how the pipeline behaves and interconnects
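As an added example, not from the talk, here is what "write rules (i.e. tests) to validate our expectations" about a CI pipeline can look like in Python: the pipeline's `needs` relations form a directed graph, and security expectations are expressed as checks over that graph (deploy must be transitively gated by tests and SAST; no cycles or dangling jobs) plus a content rule over the steps (no download piped into a shell). The pipeline definitions are constructed, tool-neutral dicts (job -> `needs`/`runs`/`tags`) rather than a real GitHub Actions or GitLab file, so the code runs offline without a YAML parser; the job names, tags and rule set are assumptions chosen to illustrate the idea.

```python
# Constructed, tool-neutral pipeline definitions: job -> {"needs": [...], "runs": [...], "tags": [...]}.
# Tags classify a job for the rules below; with a real pipeline file you would derive them from the config.
GOOD_PIPELINE = {
    "build":  {"runs": ["make build"]},
    "tests":  {"needs": ["build"], "runs": ["make test"], "tags": ["tests"]},
    "sast":   {"needs": ["build"], "runs": ["semgrep ci"], "tags": ["sast"]},
    "deploy": {"needs": ["tests", "sast"], "runs": ["make deploy"], "tags": ["deploy"]},
}

# Same jobs, two defects: a build step pipes a download into a shell, and deploy no longer waits for sast.
BAD_PIPELINE = {
    "build":  {"runs": ["curl -s https://example.invalid/setup.sh | sh", "make build"]},
    "tests":  {"needs": ["build"], "runs": ["make test"], "tags": ["tests"]},
    "sast":   {"needs": ["build"], "runs": ["semgrep ci"], "tags": ["sast"]},
    "deploy": {"needs": ["tests"], "runs": ["make deploy"], "tags": ["deploy"]},
}

REQUIRED_GATES = ("sast", "tests")   # tags that must appear somewhere upstream of every deploy job


def build_dag(pipeline):
    """Adjacency view of the pipeline: job -> set of jobs it declares in 'needs'."""
    return {job: set(spec.get("needs", [])) for job, spec in pipeline.items()}


def topological_order(deps):
    """Kahn's algorithm. Raises ValueError for unknown jobs or a cycle (CI tools reject both too)."""
    unknown = {d for ds in deps.values() for d in ds} - deps.keys()
    if unknown:
        raise ValueError("unknown jobs referenced: " + ", ".join(sorted(unknown)))
    indegree = {job: len(ds) for job, ds in deps.items()}
    ready = sorted(job for job, n in indegree.items() if n == 0)
    order = []
    while ready:
        job = ready.pop(0)
        order.append(job)
        for other, ds in deps.items():
            if job in ds:
                indegree[other] -= 1
                if indegree[other] == 0:
                    ready.append(other)
        ready.sort()                      # deterministic order for equal-priority jobs
    if len(order) != len(deps):
        raise ValueError("cycle detected among: " + ", ".join(sorted(set(deps) - set(order))))
    return order


def ancestors(deps, job):
    """Every job that transitively runs before `job`, i.e. what really gates it."""
    seen, stack = set(), list(deps[job])
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(deps.get(cur, ()))
    return seen


def check_pipeline(pipeline):
    """Run the rules over the pipeline graph; an empty list means it matches expectations."""
    deps = build_dag(pipeline)
    try:
        topological_order(deps)
    except ValueError as err:
        return ["structure: " + str(err)]   # no point checking gates on a malformed graph
    violations = []
    for job, spec in pipeline.items():
        if "deploy" in spec.get("tags", []):
            gate_tags = {t for g in ancestors(deps, job) for t in pipeline[g].get("tags", [])}
            for required in REQUIRED_GATES:
                if required not in gate_tags:
                    violations.append(f"{job}: deploy job is not gated by a '{required}' job")
        for step in spec.get("runs", []):
            downloads = any(tool in step for tool in ("curl ", "wget "))
            if downloads and any(pipe in step for pipe in ("| sh", "| bash")):
                violations.append(f"{job}: pipes a download straight into a shell: {step}")
    return violations


if __name__ == "__main__":
    for name, pipeline in (("good", GOOD_PIPELINE), ("bad", BAD_PIPELINE)):
        print(name, "order:", topological_order(build_dag(pipeline)))
        print(name, "violations:", check_pipeline(pipeline) or "none")
```

The gating rule deliberately walks `ancestors` rather than reading `deploy`'s direct `needs`: a pipeline where `deploy` needs `tests` and `tests` needs `sast` is fine, while one where `sast` exists but nothing downstream waits for it is not, and that is exactly the kind of expectation that is invisible until the pipeline is treated as a graph.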
  • 137-146. Recruiting as a graph (for recruiters and candidates)
    • You need to find matches (roles to candidates) by mapping their skills, talent, and experience in a graph
    • What we want to see from candidates is their:
      • GitHub, Twitter, and blogging activities
      • Contributions at conferences
      • Open Source collaborations
    • The good candidates will behave as if they are already working for the company:
      • Hack it (i.e. find vulns and report them)
      • Collaborate with the company’s teams
      • Add value (somewhere)
    • We want to see if they can “think in graphs”
  • 147-149. Turning the problem into the Solution
  • 150. Each square represents a time period
  • 157-158. We (in this room) are the crazy ones. We are the ones that believe we can change the world
  • 159. Next Summit 2018, June. Will you be there?
  • 160-166. Final Thoughts
    • The security industry/community needs to work collaboratively to keep up with all that is required to protect our industry
    • As cyber-criminals refine their business model and act more like corporate entities, this is not going to get easier
    • Everyone has a role to play
    • The security industry needs to think of itself as a graph
    • We need to leverage connections, data, knowledge, and experience
    • OWASP CDC (Collective Defence Cluster) is a good example of this
  • 167. Join the conversation #DevSecCon Thanks for listening @DinisCruz