Last year, I spoke at 26 security meetings and conferences. I learn the most when I’m in the field with my heroes. If you have a local meeting or conference that would benefit from any of these topics, let us know and I’ll do my best to show up.
Abstract 1 – Flight Deck Information Assurance Auditing
- Defining the correct “unit of work” in security operations (borrowing from Maintenance Action Forms.)
- “Data Evolution” of extremely technical information that can be understood by executives (and Admirals).
- Ongoing, organic metric collection and analysis in contrast with inspections and audits
- Separating human audits and architecture audits
- Improving auditing using NATOPS Readiness Inspections approaches
Abstract 2 – Cruising on a Security Data Lake: Solving Big Data Challenges in SECOPS
Abstract 3 – Breaking NBAD and UEBA Detection
- BSides Chicago –https://youtu.be/cptpqFdP7nk
- Converge Detroit – https://youtu.be/obm-9iV06i8
Abstract 4 – Metric Driven DEVOPS
Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. It will cover the following topics:
– Creating a metric collection infrastructure to alert on security and functionality deficiencies
– Utilizing metrics to write optimized unit and system tests
– The optimal value of code coverage, application pen-testing and static code analysis
– Integrating metrics into customer support evolutions
– The place of containerization in SECDEVOPS
– Build metric driven use cases from hypothesis to pivot
By the conclusion of the session, attendees will have the tools necessary to implement lean and effective development pipelines that deliver secure and useful code in a fraction of the time and at a fraction of the development cost.