4. Be excellent to each other.
Devops: It's all about the tools.
(Spoiler alert, it's not. It never has been.
It's about the people...)
But you knew that already
...right?
Sunday, 3 November 13
5. Reducing barriers.
Having an approachable security team is
the most important thing they can do.
The second you lose the ability to talk to
them about anything, you effectively lose
your security team.
6. Understanding
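#include <string.h>

/* Deliberately vulnerable: strcpy() does not check the 16-byte buffer. */
void function(char *str) {
    char buffer[16];

    strcpy(buffer, str);
}

int main(void) {
    char large_string[256];
    int i;

    for (i = 0; i < 255; i++)
        large_string[i] = 'A';
    large_string[255] = '\0';  /* terminate so strcpy() copies exactly 255 'A's */

    function(large_string);
    return 0;
}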
7. Yoghurt?
Bootcamping: not as unfriendly as it
sounds.
• New hires go sit with other teams when
they start.
• Builds inter-team bonds.
• Means you know who to talk to.
10. Testing *taps mic*
You can unit test your application and your
infrastructure for security!
Wait, someone already gave this talk:
http://www.slideshare.net/nickgsuperstar/devopssec-apply-devops-principles-to-security/32
Thanks NickG!
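To connect this slide with the overflow on slide 6, here is an added example (not code from the talk) of a bounded version of function() with a check a unit test can assert on. The names copy_checked, function_checked and overflow_input_rejected, and the 0 / -1 return codes, are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 16  /* same size as buffer[] on slide 6 */

/* Hypothetical helper: copy src into dst only if it fits, including the
 * terminating NUL. Returns 0 on success, -1 if the input is rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Bounded scan: never looks at more than dst_size bytes of src. */
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {
        dst[0] = '\0';  /* reject instead of silently truncating */
        return -1;
    }
    memcpy(dst, src, n + 1);  /* n + 1 <= dst_size, NUL included */
    return 0;
}

/* Bounded replacement for function() from slide 6. */
int function_checked(const char *str)
{
    char buffer[BUF_SIZE];
    return copy_checked(buffer, sizeof buffer, str);
}

/* Regression check using the slide 6 input: 255 'A' characters. */
int overflow_input_rejected(void)
{
    char large_string[256];
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    return function_checked(large_string) == -1;
}

int main(void)
{
    /* Exit status 0 means the oversized input was rejected. */
    return overflow_input_rejected() ? 0 : 1;
}
```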
13. Awkward? For an Englishman?
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.15 (Darwin)

jA0EAwMCIYkQUL8A8FxgySXGJ5+z6ixZ
q7ng0FRKqH3oZH2810f1y2lieP2YjzTS
eO1d+msE
=9wk/
-----END PGP MESSAGE-----
14. Two fact[eo]rs
Easy security wins:
Two factor authentication
• Duo - https://www.duosecurity.com/
• Authy - https://www.authy.com/
• Google - http://goo.gl/hvre2D
• YubiKey - https://www.yubico.com/
15. Cut people a break?
Yes, a security person just said that!
Giving people a way of going:
"Yeah, I will do that thing, but I need to do
my work first."
17. Phishing
"If you go from being 36% on fire to 27%
on fire you're still on fire" - Zane Lackey
18. I'd buy that for a dollar!
Given the choice between
and
http://codeascraft.com/2013/08/09/mobile-device-lab/
19. Openness
• Invite anyone and everyone to your
security postmortem. (in your company)
• Let anyone come to your internal security
reviews/post-pen-test.
• Remove names, as it's not about who, it's
about how.