Talks & Articles

You can find here links to talks I’ve done in the past, both online and in different venues:

DevSecOps: Shifting Left in Practice @ InfoQ eMag (article)

Was interviewed for InfoQ eMag on the topic of applying Team Topologies to build and develop information security teams. Link here: https://www.infoq.com/minibooks/devsecops-emag/

What if our models of risk are insufficient ? Risk modelling in a dynamic environment @ Cloud Security Alliance

Did a talk (cut short as I had tech issues) about different ways to look at information security risk, and why our current models are good but insufficient. https://www.youtube.com/watch?v=uXFA4qAfaVo&t=17309s

DevSecOps: not the tools, the other bits @ InfoQ

Talk for InfoQ focusing on DevSecOps, but avoiding discussion about tools. Link here: https://www.infoq.com/presentations/devsecops-governance-practices-tools/

F5 DevCentral Show: Prepare to D.I.E

Participated in the F5 DevCentral show talking about the CIA and DIE models, and evolution of the security industry

Video: https://www.youtube.com/watch?v=oS1xoMNgczU&t=428s

SnykCon Expert Panel: DevSecOps for Platform teams: A Discussion on Making it Easy to Do the Right Thing

Was part of an expert panel talking about DevSecOps for Platform teams

Video: https://www.youtube.com/watch?v=iLvgA8ztBDg

We Hack Purple Podcast Episode 2 with Mario Platt

Conversation about my different roles and experience

Video: https://www.youtube.com/watch?v=CuVkeYShTUY&t=313s

Building Secure Products for Start-ups

Contributed to the Broadlight Global series on helping startups improve their security posture.

Video can be found here: https://www.youtube.com/watch?v=BF1fCfwNhgI

Sensemaking with Cynefin framework @ Open Security Summit 2020

Here, together with Phil Huggins, we provided an introduction to Complex Adaptive Systems and how to manage CyberSecurity in each of its 5 domains, with an exploration on Strategy.

Video: https://www.youtube.com/watch?v=b7r_iunJJ8E&t

Slides: TBC

Event page: https://open-security-summit.org/tracks/miscellaneous/sense-making-with-cynefin-framework/

User Stories and OWASP ASVS (Application Security Verification Standard) @ Open Security Summit 2020

I led a session at the Open Security Summit on what are User Stories and Scenario Testing and why Security Professionals should get more comfortable in writing them, addressing how they can support transitioning to writing Compliance as Code checks

Video can be found here: https://www.youtube.com/watch?v=3fxrHDhvcEw&t=5s

Project now exists in https://github.com/OpenSecuritySummit/project-ASVS-User-Stories

Beating the 1:100 Odds – Team Topologies for Cyber Security @ Open Security Summit 2020

I did a double-act talk alongside Manuel Pais (co-author of Team Topologies book) discussing Team Topologies and how we can apply them to Cyber Security team structures.

Video and slides can be found here: https://www.youtube.com/watch?v=WZAnnSmPG7c&t=1913s

Strategy Development with Wardley Mapping – Applying concepts @ Open Security Summit 2020

In this talk on Wardley mapping without using Wardley maps, I explored mainly the concepts of Doctrine and Climatic patterns to discuss what I believe are 4 problems affecting the Cyber Security industry and my proposals on how to approach them:

  • The Communications problem
  • The Engineering problem
  • The Management problem
  • The Skills and Structure problem

Video can be found here: https://www.youtube.com/watch?v=ZcQQ7qxjDEI&t=159s

Using Wardley Mapping for Security Strategy and Architecture @ Open Security Summit 2020

In this talk I discussed how I apply Wardley Mapping to help develop Security Strategy and Security architecture, and where I see both being mutually supportive and how they can benefit from Wardley mapping. I also discussed the evolving role of the Architect in the context of Sociotechnical systems.

Video can be found here: https://www.youtube.com/watch?v=kDs23thv8VE&t=4144s

To DevSecOps or not to DevSecops: is that a question ? @ Open Security Summit 2020

I did a talk of my archetype based model to discuss the opportunity, challenges and benefits of DevSecOps as a discipline.

We discuss who it’s meant to serve and the 3 different archetypes (Security Unicorns, Gatekeepers and Rainbowmakers) and how we can help each of them with DevSecOps

Video can be found here: https://www.youtube.com/watch?v=dHkptfSUWlo&t=2506s

To DevSecOps or not to DevSecops: is that a question ? @ Practical DevSecOps Online Meetup

I did a talk of my archetype based model to discuss the opportunity, challenges and benefits of DevSecOps as a discipline.

We discuss who it’s meant to serve and the 3 different archetypes (Security Unicorns, Gatekeepers and Rainbowmakers) and how we can help each of them with DevSecOps

Video and slides can be found here: Practical DevSecOps Podcast link

Compliance as Code: The Why, What and How @ OWASP DevSlop Show

Had a great time talking with Nancy Gariche and Nicole Becher about Compliance as Code. It includes a hands-on lab on using Chef InSpec to do Compliance-as-Code checks which you can integrate in your CI/CD pipelines.

Link can be found here: https://www.youtube.com/watch?v=tmlfCc6Ml2k

Compliance as Code @ Dev and Test Meetup Brighton

Did a talk on Compliance as Code, talking about what it can do for you and how it can help with communicating between different teams.

Link can be found here: https://vimeo.com/365475939

Security Strategy Frames @ Dev and Test Meetup Cambridge

In this talk, I introduced several frames to discuss Security Strategy.

These included Wardley Mapping, Cynefin framework, Cyber Defense Matrix, Cloud Native among others.

Link can be found here: https://vimeo.com/394380134

Shared Responsibility Model @ Dev and Test Meetup Brighton

In this talk I discuss the Azure Shared Responsibility Model and what’s up to the customer to do from a Security perspective, to ensure we understand our responsibilities when using those services

Video can be found here: https://vimeo.com/287813115

Implicit Guidance, OODA loop and Cynefin Framework @ Hired Thought Podcast

Here I had a great time talking with Ben Mosior and Ben Ford about many things OODA and Cynefin framework.

Video can be found here: https://www.youtube.com/watch?v=YI1G5LgeOak&t=3246s

Pushing Left Like a Boss @ Dev and Test Meetup Reading

In this talk, I gave Tanya Janca’s talk which she licensed as Open Source at Reading Dev and Test meetup.

Link here: https://www.youtube.com/watch?v=8l2mWE61O-A&t=2s

Evolution-informed Security Strategy @ LearnWardleyMapping Community

Here I talked about having an approach to developing Security Strategy considering Evolution, using principles from Wardley mapping among others.

Video can be found here: https://www.youtube.com/watch?v=PwEjpgxRVCE&t=5274s