Cyber Scotland Connect: What is Security Engineering?

•Download as PPTX, PDF•

1 like•342 views

Harry McLaren is a managing consultant at ECS who gives a presentation on cybersecurity engineering. Cybersecurity engineering involves building systems, deploying configurations, integrating systems, and developing solutions to protect against, detect, and respond to threats. It is important for engineering projects to consider people, process, technology, the end user, support requirements, and how the solution fits within the business and IT strategies. The presentation provides examples of scenario walkthroughs and best practices for engineers, such as using automation, version control, containers, and cloud technologies.

Technology

What is [Cyber]Security
Engineering?
Harry McLaren – Managing Consultant at ECS

Harry McLaren
•Alumnus of Napier University
• Active Student Mentor
•Managing Consultant at ECS [Security]
• Splunk Enablement Lead, Engineer & Architect
• Previous Roles:
• Security Engineer, SOC Analyst, IT Technician

Coming Up:
•Definition of [Cyber]Security Engineering
•NIST Security Framework
•It’s All About the PPTs!
•Scenario Based Walkthrough
•Best Practices for Engineers in 2018
•Resources
~25mins

Building things to
protect, detect,
and respond
to threats.
[Risk Management Control]

Types of Engineering (Not Exhaustive!)
Systems
Deployment &
Configuration
Systems
Integration
Setup of
Automation &
Orchestration
Solution
Development

It’s All About the PPTs!
Successful
Projects
People
Process
Technology

People & Process
• Who’s the end user?
• Who’s going to
support it?
• How extensible is it?
• What are the training
requirements?
• How do people feel?
• Building champions!
• How does it fit within
the businesses IT?
• How does it align to
the company strategy?
• Does it leverage best
practices for
design/build/deploy?
• How resilient to
change is the solution?

Scenario Walkthrough
1. Business Has Problem: Security Monitoring
Desperate Data Sources, Data Siloed,
Cross-Functional Use Cases, Legacy “Big Data”
Choose a Technology:
2. Magic???
3. 1-12 Months Later…
Success!

Systems Deployment & Configuration
• High/Low-Level
Designs
• Technical Architecture
• Infrastructure Build
• Software Deployment
• Software
Configuration

Integration into Other Systems
• Data Collection
• Data On-boarding
• RESTful API
• CMDB
(Identities & Assets)
• Workflow / Ticketing
• Contextual Analysis

Setup of Automation & Orchestration
• Automated Build
• Auto-scaling
• Responsive Actions
• Version Control
• Configuration
Management

Solution Development
• Data Analytics as a Service
(DAaaS)
• Self Service
• End-to-End Business
Support & Development
• Centres of Excellence
• Solution Champions

Best Practices for Engineers in 2018
• Outcome based
Development
(Lean/Scrum/Agile)
• Version Control (VCS)
• Configuration
Management (CMS)
• Development &
Release Frameworks
(Route-to-Live)
• Capture Knowledge
• Build Lab Environments
• Containerisation for
Rapid & Mobile
Development
• Leverage Cloud Agility
• Consider Multi-Cloud
• Facilitate the Business,
Don’t be a Blocker

Resources
• Splunk/ Data Analytics
• Intro to Splunk
• Free 2-day Course
• Threat Hunting
• Agile based
Development
• Version Control 101
• Configuration
Management 101
• Getting Things Done
Methodology
• Cloud
• Free AWS Tier / Training
• Free Azure Tier / Training
• Starting with Docker
• Starting with Python
• Starting with Go

Say Hello!
@cyberharibu
linkedin.com/in/harrymclaren
harrymclaren.co.uk

Cyber Scotland Connect
•Community Directed Group (What Do You Want?)
Shape Us
•Slack! (Website Coming Soon!)
Connect with Us
•Seeking Contributions (Speaking, Practical Labs, Etc)
Share with Us

Cyber Scotland Connect: What is Security Engineering?

What's hot

Symantec Cyber Security Solutions | MSS and Advanced Threat Protection

infoLock Technologies

Top 10 SIEM Best Practices, SANS Ask the Expert

AccelOps

PaaS security challenges and solutions (salesforce vision)

Olga Lavrentieva

Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM

Anton Goncharov

Outpost24 webinar: Security Analytics: what's in a risk score

Outpost24

Tictaclabs Managed Cyber Security Services

TicTac Data Recovery

As zero trust moves higher up on the CISOs security agenda we’re hosting a webinar to discuss the pros and cons of adopting this new approach and how it can impact your team’s ability to remain agile, whilst protecting your business. As a recent study demonstrates, 34% of security breaches involved insiders in 2019 meaning CISOs are becoming more likely to consider zero trust and it should come as no surprise that many organizations are now eager to adopt a zero-trust security policy.

Outpost24 webinar - Implications when migrating to a Zero Trust model

Outpost24

o successfully prevent infections from becoming a data breach, security analysts need the ability to continuously collect, analyse, correlate and investigate a diverse set of data. Join this webinar to hear Matthias Maier, Splunk Security Product Marketing Manager, discuss the specific data sources and capabilities required to determine the scope of an infection before it turns into a breach. During this session, you'll learn: - The capabilities required to distinguish an infection from a breach - The specific analysis steps to understand the scope of an attack - The data sources required to gain deep and broad visibility - What to look for from network and endpoint data sources

Best Practices for Scoping Infections and Disrupting Breaches

Splunk

Shared Security Responsibility in the AWS Public Cloud

Alert Logic

Issa symc la 5min mr

ISSA LA

LogSentinel SIEM is a cutting-edge next-generation security information and event management (SIEM) system offering simplicity, predictability, and innovation like nobody else on the market. By leveraging the latest innovations in technology like blockchain and machine learning, it helps organizations of all sizes and industries to eliminate their blind spots and reduce the time and cost of incident detection and investigation. LogSentinel SIEM offers one-of-a-kind security innovation: privacy of logs, audit log integrity, unlimited retention, and full visibility, all at a flat and predictable fee. Our zero-setup cloud SIEM, our open-source agent, and built-in CASB can handle every system and every setup (local, cloud, legacy systems, on-prem, or cloud infrastructure) even in complex organizations. Learn more at https://logsentinel.com/

LogSentinel Next-Gen SIEM

Denitsa Dimova

Join Alert Logic Chief Strategy Officer and Co-Founder Misha Govshteyn as he presents his predictions for the state of cloud security in 2016, including: -The rise of cloud adoption and how businesses will approach the cloud -What the threat landscape for cloud environments will look like -How data and analytics will evolve to meet cloud adoption ...and more. You’ll get a clear view of what expert security researchers are expecting in the coming year for organizations like yours who are leveraging the power of cloud infrastructure. See the accompanying webinar here: https://www.alertlogic.com/resources/webinars/top-5-cloud-security-predictions-for-2016/

Top 5 Cloud Security Predictions for 2016

Alert Logic

RSA: Security Analytics Architecture for APT

Lee Wei Yeong

Hosted cloud environments, such as infrastructure as a service (IaaS) or platform as a service (PaaS), offer major IT and business benefits that organizations are looking to realize. Organizations may decide to migrate some part of their IT operations to a hosted cloud environment to realize any number of benefits. Critical Insight Security remains a large impediment to realizing cloud benefits. Numerous concerns still exist around the ability for data privacy, confidentiality, and integrity to be maintained in a cloud environment. Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment. Security Perception: Cloud can be secure although unique security threats and vulnerabilities create concerns for consumers. Balancing Act: Securing an IaaS or PaaS environment is a balancing act of determining whether the vendor or the consumer is responsible for meeting specific security requirements. Structured CSP Selection Process: Most security challenges and concerns can be minimized through our structured process (CAGI) of selecting the trusted CSP partner. Impact and Result The business is adopting a hosted cloud environment and it must be secured, which includes: Ensuring business data cannot be leaked or stolen. Maintaining privacy of data and other information. Securing the network connection points. Determine a balancing act between yourself and your CSP—through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment. This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

How to Secure Your IaaS and PaaS Environments

Info-Tech Research Group

DTS Solution - Building a SOC (Security Operations Center)

Shah Sheikh

You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model. Learning Objectives: 1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm? 2: What are the pros and cons of in-house, fully managed and hybrid security? 3: What considerations go into deciding whether to employ a hybrid strategy? (Source: RSA Conference USA 2018)

From SIEM to SOC: Crossing the Cybersecurity Chasm

Priyanka Aash

Outpost24 webinar: Risk-based approach to security assessments

Outpost24

Joe Parltow, CISO, ReliaQuest (www.reliaquest.com) -We’ve all heard it before; SIEM is dead, defense is boring, logs suck, etc. The fact is having total visibility into what’s happening on your network is absolutely necessary and keeps you from having to answer questions like “How did you not know we were compromised for the past 6 months!” This talk focuses on advanced tips and tricks you can implement with your SIEM to give you better visibility into all areas of your environment. Also includes top secret, 1337 (ok maybe just average) code snippets.

Information Security: Advanced SIEM Techniques

ReliaQuest

Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...

centralohioissa

Vulnerability Testing Services Case Study

Nandita Nityanandam

What's hot (20)

Symantec Cyber Security Solutions | MSS and Advanced Threat Protection

Top 10 SIEM Best Practices, SANS Ask the Expert

PaaS security challenges and solutions (salesforce vision)

Improving IR Workflow - Using Risk-Based Escalation in HP ArcSight ESM

Outpost24 webinar: Security Analytics: what's in a risk score

Tictaclabs Managed Cyber Security Services

Outpost24 webinar - Implications when migrating to a Zero Trust model

Best Practices for Scoping Infections and Disrupting Breaches

Shared Security Responsibility in the AWS Public Cloud

Issa symc la 5min mr

LogSentinel Next-Gen SIEM

Top 5 Cloud Security Predictions for 2016

RSA: Security Analytics Architecture for APT

How to Secure Your IaaS and PaaS Environments

DTS Solution - Building a SOC (Security Operations Center)

From SIEM to SOC: Crossing the Cybersecurity Chasm

Outpost24 webinar: Risk-based approach to security assessments

Information Security: Advanced SIEM Techniques

Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...

Vulnerability Testing Services Case Study

Similar to Cyber Scotland Connect: What is Security Engineering?

DevSecOps is a recent offshoot of the DevOps movement, which doubles down on the importance of security. As security continues to be downplayed or ignored even as the threat landscape explodes, DevSecOps promotes a set of well-developed design principles and engineering patterns which involve security owners and product designers much earlier. DevSecOps lays out a robust and practical blueprint for building security features into the design process, leveraging new engineering tools and patterns and creating a secure, defensible software right from the start. Join Chris Knotts, Innovation Product Director at Cprime, to: - Learn how the concept of "shifting left" applies to application security and how to prioritize security requirements earlier in the design process - Get an introduction to a few of the most effective engineering tools for implementing DevSecOps, including popular code scanners, dependency checkers, and free open-source products - Understand how progress with DevSecOps depends on roles and stakeholders outside of just security staff

The What, Why, and How of DevSecOps

Cprime

Road to rockstar system analyst

Mizno Kruge

Ahmed Yaser CV 10-2015

Ahmed Yaser Ibrahim

NIST Cybersecurity Framework (CSF) on the Public Cloud

CloudHesive

As part of key IT initiatives to improve customer experience, reduce IT costs, ensure compliance and increase reliability, Akbank took on an audacious project to apply DevOps principles and an Agile approach as standard across all of the bank's applications, including customer-facing, branch infrastructure, multi-channel architecture and mainframe areas. Building a tool chain that covers project initiation through to deployment in production in such a complex environment is a challenging task. Akbank chose to link its existing toolset using CA Release Automation as a Continuous Delivery backbone, with CA Harvest and CA Endevor to manage source code, build and package tasks. This session will explore the vision to improve the development cycle, as well as the requirements for the project, and ultimately the benefits being realized. For more information, please visit http://cainc.to/Nv2VOe

Applying DevOps from the Mobile to the Mainframe

CA Technologies

Open Day 2015

Santos Pardos. MBA,CEA,TOGAF,PMP, PMI-PBA

In the ever-evolving, fast-paced Agile development world, application security has not scaled well. Incorporating application security and testing into the current development process is difficult, leading to incomplete tooling or unorthodox stoppages due to the required manual security assessments. Development teams are working with a backlog of stories—stories that are typically focused on features and functionality instead of security. Traditionally, security was viewed as a prevention of progress, but there are ways to incorporate security activities without hindering development. There are many types of security activities you can bake into your current development lifecycles—tooling, assessments, stories, scrums, iterative reviews, repo and bug tracking integrations—every organization has a unique solution and there are positives and negatives to each of them. In this slide deck, we go through the various solutions to help build security into the development process.

AppSec in an Agile World

David Lindner

Lynx Overview

Rick Lavigne

CNIT 160 Ch 4a: Information Security Programs

Sam Bowne

Cloud Enablement Engine Role Definition and Mapping

Tom Laszewski

ITAM AUS 2017 How to get SAM happily frolicking on the Cloud

Martin Thompson

CNIT 160 Ch 4a: Information Security Programs

Sam Bowne

Security on AWS, 2021 Edition Meetup

CloudHesive

Security on AWS, 2021 Edition Meetup

CloudHesive

LSG Intro

Mike Wickham

Professional and Technology Services

The Consulting Practice Inc.

AWS provides all sorts of security features and capabilities, and these features generate tons of data to be sifted and analyzed. In this session, hear what we are doing to support ingestion, processing, and storage of data at scale to support our Security Science and DevSecOps programs. We've had a lot of experience understanding what is and is not possible for crunching security data using big data environments. In fact, we've discovered it's much easier to develop the tools and processes necessary to support applications than you might think.

(SEC326) Security Science Using Big Data

Amazon Web Services

ADDO_2020-Driving-Digital-Transformation-through-CloudOps-and-SRE.pdf

Phil Johnson

This is an updated version of this talk which I will present at Agile 2013. The rhythm of agile software development is to always be working on the next known, small batch of work. Is there a place for software architecture in this style of development? Some people think that software architecture should simply emerge and doesn’t require ongoing attention. But it isn’t always prudent to let the software architecture emerge at the speed of the next iteration. Complex software systems have lots of moving parts, dependencies, challenges, and unknowns. Counting on the software architecture to spontaneously emerge without any planning or architectural investigation is at best risky. So how should architecting be done on agile projects? It varies from project to project. But there are effective techniques for incorporating architectural activities into agile projects. This talk explains how architecture can be done on agile projects and what an agile architect does.

Why We Need Architects (and Architecture) on Agile Projects

Rebecca Wirfs-Brock

State of Agile 2017

Tze Chin Tang

Similar to Cyber Scotland Connect: What is Security Engineering? (20)

The What, Why, and How of DevSecOps

Road to rockstar system analyst

Ahmed Yaser CV 10-2015

NIST Cybersecurity Framework (CSF) on the Public Cloud

Applying DevOps from the Mobile to the Mainframe

Open Day 2015

AppSec in an Agile World

Lynx Overview

CNIT 160 Ch 4a: Information Security Programs

Cloud Enablement Engine Role Definition and Mapping

ITAM AUS 2017 How to get SAM happily frolicking on the Cloud

CNIT 160 Ch 4a: Information Security Programs

Security on AWS, 2021 Edition Meetup

LSG Intro

Professional and Technology Services

(SEC326) Security Science Using Big Data

ADDO_2020-Driving-Digital-Transformation-through-CloudOps-and-SRE.pdf

Why We Need Architects (and Architecture) on Agile Projects

State of Agile 2017

More from Harry McLaren

Security Operations, MITRE ATT&CK, SOC Roles / Competencies

Harry McLaren

Becoming a Defender (Blue Teams FTW!)

Harry McLaren

We’ll be exploring some of the more advanced capabilities of Phantom and also discussing the security framework from MITRE “ATT&CK” and it’s valued use when integrating it with Splunk Enterprise! We’ll also have two SplunkTrust members available for some general Q&A in our own ‘Meet the Experts’. - Splunk Phantom Workbook Automation - SOAR (Security Orchestration, Automation & Response) -- Tom Wise (Phantom Security Solutions Engineer & Trainer) - Threat Hunting, Or: How I Learned to Stop Worrying & Love ATT&CK -- Cian Heasley / Fraser Dumayne (Security Engineers) - Meet the Experts with SplunkTrust -- Harry McLaren (Senior Splunk Consultant) -- Tom Wise (Splunk Consultant, Phantom Security Solutions Engineer & Trainer)

Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with...

Harry McLaren

SOC Fundamental Roles & Skills

Harry McLaren

Many organisations have invested millions in building security operations teams, deploying powerful monitoring and reporting tools and then asking for continual improvement in the form of tuning, threat hunting and developing new threat models. However, within large enterprises, these types of changes either represent a risk of making changes to a live production platform or take weeks or months to go through the development and release process or route-to-live. This session outlines some DevOps principals and associate framework for enforcing change management, but still supporting rapid changes to code and configuration. * SOC Capabilities * OODA & Threat Hunting * Balancing SOC Risk * Using Splunk for an Agile SIEM * Result: Empowered Hunters * Resources & Questions

Hunting Hard & Failing Fast (ScotSoft 2019)

Harry McLaren

Splunk Phantom, the Endpoint Data Model & Splunk Security Essentials App!

Harry McLaren

Collecting AWS Logs & Introducing Splunk New S3 Compatible Storage (SmartStore)

Harry McLaren

Using Metrics for Fun, Developing with the KV Store + Javascript & News from ...

Harry McLaren

Splunk .conf18 Updates, Config Add-on, SplDevOps

Harry McLaren

As Splunk scales, it grows with more Splunk engineers, developers and users. Maintaining proper knowledge object development, deployment changes and best practices can become a daunting task where fear-driven development takes its toll. In this session we present our enhancement of Splunk’s scalability in terms of software management, continuous integration and continuous delivery (CI/CD) by providing a framework which consists of DevOps tooling in combination with our Splunk expertise. Specifically, we are able to maintain a proper Splunk development cycle by using Docker containers, configuration and secret management with Ansible and version control with Git (VCS), all achieved by taking advantage of Splunk's ".conf" versatility. Our result is a CI/CD development-to-testing-to-production framework that complements Splunk’s scalability with modern DevOps culture and facilitates a smoother yet moderated development experience.

SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...

Harry McLaren

Lessons on Human Vulnerability within InfoSec/Cyber

Harry McLaren

OWASP - Analyst, Engineer or Consultant?

Harry McLaren

TSTAS, the Life of a Splunk Trainer and using DevOps in Splunk Development

Harry McLaren

Cyber Scotland Connect: Getting into Cybersecurity (Deck 2)

Harry McLaren

Cyber Scotland Connect: Getting into Cybersecurity (Deck 1)

Harry McLaren

Cyber Scotland Connect: Welcome & Purpose Statement

Harry McLaren

Latest Updates to Splunk from .conf 2017 Announcements

Harry McLaren

Securing the Enterprise/Cloud with Splunk at the Centre

Harry McLaren

There are many misconceptions about what a SIEM is and why they should still be the heart of an operational capability when it comes to security controls and monitoring. This topic will outline what makes a powerful SIEM and why creating it yourself is increasingly challenging. We'll explore the frameworks at the heart of a SIEM and how Splunk has developed Enterprise Security with these in mind; finishing with some general lessons learned for SIEM implementation projects.

Security Meetup Scotland - August 2017 (Deconstructing SIEM)

Harry McLaren

Deconstructing SIEM

Harry McLaren

More from Harry McLaren (20)

Security Operations, MITRE ATT&CK, SOC Roles / Competencies

Becoming a Defender (Blue Teams FTW!)

Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with...

SOC Fundamental Roles & Skills

Hunting Hard & Failing Fast (ScotSoft 2019)

Splunk Phantom, the Endpoint Data Model & Splunk Security Essentials App!

Collecting AWS Logs & Introducing Splunk New S3 Compatible Storage (SmartStore)

Using Metrics for Fun, Developing with the KV Store + Javascript & News from ...

Splunk .conf18 Updates, Config Add-on, SplDevOps

SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...

Lessons on Human Vulnerability within InfoSec/Cyber

OWASP - Analyst, Engineer or Consultant?

TSTAS, the Life of a Splunk Trainer and using DevOps in Splunk Development

Cyber Scotland Connect: Getting into Cybersecurity (Deck 2)

Cyber Scotland Connect: Getting into Cybersecurity (Deck 1)

Cyber Scotland Connect: Welcome & Purpose Statement

Latest Updates to Splunk from .conf 2017 Announcements

Securing the Enterprise/Cloud with Splunk at the Centre

Security Meetup Scotland - August 2017 (Deconstructing SIEM)

Deconstructing SIEM

Recently uploaded

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

ICT role in 21st century education and its challenges

rafiqahmad00786416

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Recently uploaded (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

[BuildWithAI] Introduction to Gemini.pdf

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

WSO2's API Vision: Unifying Control, Empowering Developers

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Understanding the FAA Part 107 License ..

MS Copilot expands with MS Graph connectors

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Six Myths about Ontologies: The Basics of Formal Ontology

MINDCTI Revenue Release Quarter One 2024

Vector Search -An Introduction in Oracle Database 23ai.pptx

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Platformless Horizons for Digital Adaptability

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Boost Fertility New Invention Ups Success Rates.pdf

Elevate Developer Efficiency & build GenAI Application with Amazon Q

ICT role in 21st century education and its challenges

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Cyber Scotland Connect: What is Security Engineering?

1. What is [Cyber]Security Engineering? Harry McLaren – Managing Consultant at ECS

2. Harry McLaren •Alumnus of Napier University • Active Student Mentor •Managing Consultant at ECS [Security] • Splunk Enablement Lead, Engineer & Architect • Previous Roles: • Security Engineer, SOC Analyst, IT Technician

3. Coming Up: •Definition of [Cyber]Security Engineering •NIST Security Framework •It’s All About the PPTs! •Scenario Based Walkthrough •Best Practices for Engineers in 2018 •Resources ~25mins

4. Building things to protect, detect, and respond to threats. [Risk Management Control]

5. Image Source: Fuze

6. Types of Engineering (Not Exhaustive!) Systems Deployment & Configuration Systems Integration Setup of Automation & Orchestration Solution Development

7. It’s All About the PPTs! Successful Projects People Process Technology

8. People & Process • Who’s the end user? • Who’s going to support it? • How extensible is it? • What are the training requirements? • How do people feel? • Building champions! • How does it fit within the businesses IT? • How does it align to the company strategy? • Does it leverage best practices for design/build/deploy? • How resilient to change is the solution?

9. Scenario Walkthrough 1. Business Has Problem: Security Monitoring Desperate Data Sources, Data Siloed, Cross-Functional Use Cases, Legacy “Big Data” Choose a Technology: 2. Magic??? 3. 1-12 Months Later… Success!

10. Systems Deployment & Configuration • High/Low-Level Designs • Technical Architecture • Infrastructure Build • Software Deployment • Software Configuration

11. Integration into Other Systems • Data Collection • Data On-boarding • RESTful API • CMDB (Identities & Assets) • Workflow / Ticketing • Contextual Analysis

12. Setup of Automation & Orchestration • Automated Build • Auto-scaling • Responsive Actions • Version Control • Configuration Management

13. Solution Development • Data Analytics as a Service (DAaaS) • Self Service • End-to-End Business Support & Development • Centres of Excellence • Solution Champions

14. Best Practices for Engineers in 2018 • Outcome based Development (Lean/Scrum/Agile) • Version Control (VCS) • Configuration Management (CMS) • Development & Release Frameworks (Route-to-Live) • Capture Knowledge • Build Lab Environments • Containerisation for Rapid & Mobile Development • Leverage Cloud Agility • Consider Multi-Cloud • Facilitate the Business, Don’t be a Blocker

15. Resources • Splunk/ Data Analytics • Intro to Splunk • Free 2-day Course • Threat Hunting • Agile based Development • Version Control 101 • Configuration Management 101 • Getting Things Done Methodology • Cloud • Free AWS Tier / Training • Free Azure Tier / Training • Starting with Docker • Starting with Python • Starting with Go

16. Say Hello! @cyberharibu linkedin.com/in/harrymclaren harrymclaren.co.uk

17. Cyber Scotland Connect •Community Directed Group (What Do You Want?) Shape Us •Slack! (Website Coming Soon!) Connect with Us •Seeking Contributions (Speaking, Practical Labs, Etc) Share with Us

Editor's Notes

Image Source: https://www.fuze.com/blog/on-the-Evolving-Cybersecurity-Landscape
Image Source: https://southpark.cc.com
Image Source: https://aws.amazon.com/quickstart/architecture/splunk-enterprise/

Cyber Scotland Connect: What is Security Engineering?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cyber Scotland Connect: What is Security Engineering?

Similar to Cyber Scotland Connect: What is Security Engineering? (20)

More from Harry McLaren

More from Harry McLaren (20)

Recently uploaded

Recently uploaded (20)

Cyber Scotland Connect: What is Security Engineering?

Editor's Notes