Talks

Here you can find links to talks I’ve done in the past, both online and at different venues.

Sensemaking with Cynefin framework @ Open Security Summit 2020

Here, together with Phil Huggins, we provided an introduction to Complex Adaptive Systems and how to manage CyberSecurity in each of its 5 domains, with an exploration on Strategy.

Video: https://www.youtube.com/watch?v=b7r_iunJJ8E&t=487s

Slides: TBC

Event page: https://open-security-summit.org/tracks/miscellaneous/sense-making-with-cynefin-framework/

User Stories and OWASP ASVS (Application Security Verification Standard) @ Open Security Summit 2020

I led a session at the Open Security Summit on what User Stories and Scenario Testing are and why Security Professionals should get more comfortable in writing them, addressing how they can support transitioning to writing Compliance as Code checks.

Slides and video can be found here: https://open-security-summit.org/tracks/owasp-asvs/oss-user-stories-for-all-asvs-requirements-that-people-can-download-and-use/

The issue opened at the main ASVS repo can be found here: https://github.com/OWASP/ASVS/issues/813

Beating the 1:100 Odds – Team Topologies for Cyber Security @ Open Security Summit 2020

I did a double-act talk alongside Manuel Pais (co-author of the Team Topologies book) discussing Team Topologies and how we can apply them to Cyber Security team structures.

Video and slides can be found here: https://open-security-summit.org/tracks/devsecops/team-topologies/

Strategy Development with Wardley Mapping – Applying concepts @ Open Security Summit 2020

In this talk on Wardley mapping without using Wardley maps, I explored mainly the concepts of Doctrine and Climatic patterns to discuss what I believe are 4 problems affecting the Cyber Security industry and my proposals on how to approach them:

  • The Communications problem
  • The Engineering problem
  • The Management problem
  • The Skills and Structure problem

Video and slides can be found here: https://open-security-summit.org/tracks/wardley-maps/working-sessions/strategy-development-applying-the-concepts/

Using Wardley Mapping for Security Strategy and Architecture @ Open Security Summit 2020

In this talk I discussed how I apply Wardley Mapping to help develop Security Strategy and Security architecture, and where I see both being mutually supportive and how they can benefit from Wardley mapping. I also discussed the evolving role of the Architect in the context of Sociotechnical systems.

Video can be found here: https://pre-summit-training-sessions.heysummit.com/talks/using-wardley-mapping-for-security-strategy-and-architecture-development/

To DevSecOps or not to DevSecops: is that a question ? @ Open Security Summit 2020

I did a talk on my archetype-based model to discuss the opportunity, challenges and benefits of DevSecOps as a discipline.

We discuss who it’s meant to serve and the 3 different archetypes (Security Unicorns, Gatekeepers and Rainbowmakers) and how we can help each of them with DevSecOps.

Video can be found here: https://pre-summit-training-sessions.heysummit.com/talks/to-devsecops-or-not-to-devsecopsis-that-a-question/

To DevSecOps or not to DevSecops: is that a question ? @ Practical DevSecOps Online Meetup

I did a talk on my archetype-based model to discuss the opportunity, challenges and benefits of DevSecOps as a discipline.

We discuss who it’s meant to serve and the 3 different archetypes (Security Unicorns, Gatekeepers and Rainbowmakers) and how we can help each of them with DevSecOps.

Video and slides can be found here: https://www.practical-devsecops.com/devsecops-live-online-meetup/to-devsecops-or-not-to-devsecops-is-that-a-question/

Compliance as Code: The Why, What and How @ OWASP DevSlop Show

Had a great time talking with Nancy Gariche and Nicole Becher about Compliance as Code. It includes a hands-on lab on using Chef InSpec to do Compliance-as-Code checks, which you can integrate in your CI/CD pipelines.

Link can be found here: https://www.youtube.com/watch?v=tmlfCc6Ml2k

Compliance as Code @ Dev and Test Meetup Brighton

Did a talk on Compliance as Code, talking about what it can do for you and how it can help communication between different teams.

Link can be found here: https://vimeo.com/365475939

Security Strategy Frames @ Dev and Test Meetup Cambridge

In this talk, I introduced several frames to discuss Security Strategy.

These included Wardley Mapping, Cynefin framework, Cyber Defense Matrix, Cloud Native among others.

Link can be found here: https://vimeo.com/394380134

Shared Responsibility Model @ Dev and Test Meetup Brighton

In this talk I discuss the Azure Shared Responsibility Model and what’s up to the customer to do from a Security perspective, to ensure we understand our responsibilities when using those services.

Video can be found here: https://vimeo.com/287813115

Implicit Guidance, OODA loop and Cynefin Framework @ Hired Thought Podcast

Here I had a great time talking with Ben Mosior and Ben Ford about many things OODA and Cynefin framework.

Video can be found here: https://www.youtube.com/watch?v=YI1G5LgeOak&t=3246s

Pushing Left Like a Boss @ Dev and Test Meetup Reading

In this talk, I gave Tanya Janca’s talk, which she licensed as Open Source, at the Reading Dev and Test meetup.

Link here: https://www.youtube.com/watch?v=8l2mWE61O-A&t=2s

Evolution-informed Security Strategy @ LearnWardleyMapping Community

Here I talked about having an approach to developing Security Strategy considering Evolution, using principles from Wardley mapping among others.

Video can be found here: https://www.youtube.com/watch?v=PwEjpgxRVCE&t=5274s