My talk on security and making it more devops magic.

1. SECURITY:
STOP SUCKING!
@benjammingh
ben@etsy.com
Sunday, 3 November 13

2. Security persons!
STOP BEING SO NEGATIVE!
(yes I realise that is a negative thing to say)
Sunday, 3 November 13

3. SECURITY: BE
MORE POSITIVE
AND WORK WITH
PEOPLE!
@benjammingh
ben@etsy.com
Sunday, 3 November 13

4. Be excellent to each other.
Devops: It’s all about the tools.
(Spoiler alert, it’s not. It’s never has been.
It’s about the people...)
But you knew that already
...right?
Sunday, 3 November 13

5. Reducing barriers.
Having an approachable security team is
the most important thing they can do.
The second you lose the ability to talk to
them about anything, you effectively lose
your security team.
Sunday, 3 November 13

6. Understanding
void function(char *str) {
char buffer[16];
}
strcpy(buffer,str);
void main() {
char large_string[256];
int i;
for( i = 0; i < 255; i++)
large_string[i] = 'A';
}
function(large_string);
Sunday, 3 November 13

7. Yoghurt?
Bootcamping: not as unfriendly as it
sounds.
•New hires go sit with other teams when
they start.
•Builds inter-team bonds.
•Means you know who to talk to.
Sunday, 3 November 13

8. Pairing
https://www.etsy.com/listing/90804041/birthday-gift-handmade-polymer-clay
Sunday, 3 November 13

9. Culture Club!
“But we’re only small”
Then you’re doing this already!
*golf clap*
Sunday, 3 November 13

10. Testing *taps mic*
You can unit test your application and your
infrastructure for security!
Wait, someone already gave this talk:
http://www.slideshare.net/nickgsuperstar/
devopssec-apply-devops-principles-to-security/32
Thanks NickG!
Sunday, 3 November 13

11. Stop saying “No!”
https://www.etsy.com/listing/160452502/say-yes-8x10-typography-inspirational
Sunday, 3 November 13

12. User Experience
•Make security the default.
•Make security easy.
•Cut people a break.
Sunday, 3 November 13

13. Awkward? For an Englishman?
-----BEGIN PGP MESSAGE----Version: GnuPG v1.4.15 (Darwin)
jA0EAwMCIYkQUL8A8FxgySXGJ5+z6ixZ
q7ng0FRKqH3oZH2810f1y2lieP2YjzTS
eO1d+msE
=9wk/
-----END PGP MESSAGE-----
Sunday, 3 November 13

14. Two fact[eo]rs
Easy security wins:
Two factor authentication
•Duo - https://www.duosecurity.com/
•Authy - https://www.authy.com/
•Google - http://goo.gl/hvre2D
•YubiKey - https://www.yubico.com/
Sunday, 3 November 13

15. Cut people a break?
Yes, a security person just said that!
Giving people a way of going:
“Yeah, I will do that thing, but I need to do
my work first.”
Sunday, 3 November 13

16. Software updates
Sunday, 3 November 13

17. Phishing
“If you go from being 36% on fire to 27%
on fire you're still on fire” - Zane Lackey
Sunday, 3 November 13

18. I’d buy that for a dollar!
Given the choice between
and
http://codeascraft.com/2013/08/09/mobile-device-lab/
Sunday, 3 November 13

19. Openness
•Invite anyone and everyone to your
security postmortem. (in your company)
•Let anyone come to your internal security
reviews/post-pen-test.
•Remove names, as it’s not about who, it’s
about how.
Sunday, 3 November 13

20. Fin
Sunday, 3 November 13
(also, we are hiring...)