Bigger, Faster and More Secure

•

0 j'aime•120 vues

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2IG56Qw. Laura Bell talks about how security can look when it stops being about fear and starts being a tool for building systems of the future. Filmed at qconlondon.com. Laura Bell is the founder of SafeStack, a specialist security training, development, and consultancy firm. With almost a decade of experience in software development and information security, she specializes in bringing security survival skills, practices, and culture into fast paced organizations of every shape and size.

Technologie

@lady_nerd laura@safestack.io
https://safestack.io

InfoQ.com: News & Community Site
Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
security-future-systems
• Over 1,000,000 software developers, architects and CTOs read the site world-
wide every month
• 250,000 senior developers subscribe to our weekly newsletter
• Published in 4 languages (English, Chinese, Japanese and Brazilian
Portuguese)
• Post content from our QCon conferences
• 2 dedicated podcast channels: The InfoQ Podcast, with a focus on
Architecture and The Engineering Culture Podcast, with a focus on building
• 96 deep dives on innovative topics packed as downloadable emags and
minibooks
• Over 40 new content items per week

Purpose of QCon
- to empower software development by facilitating the spread of
knowledge and innovation
Strategy
- practitioner-driven conference designed for YOU: influencers of
change and innovation in your teams
- speakers and topics driving the evolution and innovation
- connecting and catalyzing the influencers and innovators
Highlights
- attended by more than 12,000 delegates since 2007
- held in 9 cities worldwide
Presented at QCon London
www.qconlondon.com

In this talk
Fear and loathing
Examining the root of fear and it’s effects
Fear-based architecture and antipatterns
Fear leads to anger, anger leads to hatred….
Fearless security patterns and approaches
Deconstructing the scared and building the secure

Words Matter
Threat Intelligence
Kill Chain
Advanced Persistent Threat
Cyber War
Zero-day
Threat actor
Firewall
Brute-force
Weaponized content

The more scared we are
The more scared we get

In a nationally representative sample of Americans (fear
increased risk estimates and plans for precautionary
measures;

Because these cues were associated with previous danger, the
brain may see them as a predictor of threat.

Fear-based
architecture
and antipatterns

Layered defences create an
expectation of safety, managed by
someone or something else.

Defences can be challenged by
Deployment
Integrations
Deconstruction
Distribution

Gatekeepers place the responsibility
on the user to prove that they are not
malicious

Innocent people try hard to be
honest and incriminate themselves
Malicious people follow the rules,
don’t draw attention

Scar tissue is a defence that forms
where we have previously been hurt

Signs that your defence might be scar tissue
Not-measurable
Acute
Useless
Specific
Exclusionary
Arbitrary

Fearless security
patterns and
approaches

Small, simple and focused on functionality

Small
Frequently deployed
Independent
Monitored
Consistent
Assume failure
Evaluated and updated

Honey pit:
An intentional vulnerability in an application
that traps an attacker
Bermudez
Honey pot:
An intentionally vulnerable host in a network
that alerts when attacked
https://canary.tools

Build defences that
Focus on usability and accessibility
Allow for monitoring and response
Subject to regular evaluation

TL;DR
Fear and loathing
Examining the root of fear and it’s effects
Fear-based architecture and antipatterns
Fear leads to anger, anger leads to hatred….
Fearless security patterns and approaches
Deconstructing the scared and building the secure

Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
security-future-systems

Contenu connexe

Plus de C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2UgQ3BU. Christie Wilson describes what to expect from CI/CD in 2019, and how Tekton is helping bring that to as many tools as possible, such as Jenkins X and Prow. Wilson talks about Tekton itself and performs a live demo that shows how cloud native CI/CD can help debug, surface and fix mistakes faster. Filmed at qconsf.com. Christie Wilson is a software engineer at Google, currently leading the Tekton project. Over the past decade, she has worked in the mobile, financial and video game industries. Prior to working at Google she led a team of software developers to build load testing tools for AAA video game titles, and founded the Vancouver chapter of PyLadies.

Shifting Left with Cloud Native CI/CD

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2S7lDiS. Sasha Rosenbaum shows how a CI/CD pipeline for Machine Learning can greatly improve both productivity and reliability. Filmed at qconsf.com. Sasha Rosenbaum is a Program Manager on the Azure DevOps engineering team, focused on improving the alignment of the product with open source software. She is a co-organizer of the DevOps Days Chicago and the DeliveryConf conferences, and recently published a book on Serverless computing in Azure with .NET.

CI/CD for Machine Learning

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/36epVKg. Todd Montgomery discusses the techniques and lessons learned from implementing Aeron Cluster. His focus is on how Raft can be implemented on Aeron, minimizing the network round trip overhead, and comparing single process to a fully distributed cluster. Filmed at qconsf.com. Todd Montgomery is a networking hacker who has researched, designed, and built numerous protocols, messaging-oriented middleware systems, and real-time data systems, done research for NASA, contributed to the IETF and IEEE, and co-founded two startups. He currently works as an independent consultant and is active in several open source projects.

Fault Tolerance at Speed

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2FWc5Sk. Ben Sigelman talks about "Deep Systems", their common properties and re-introduces the fundamentals of control theory from the 1960s, including the original conceptualizations of Observability & Controllability. He uses examples from Google & other companies to illustrate how deep systems have damaged people's ability to observe software, and what needs to be done in order to regain control. Filmed at qconsf.com. Ben Sigelman is a co-founder and the CEO at LightStep, a co-creator of Dapper (Google’s distributed tracing system), and co-creator of the OpenTracing and OpenTelemetry projects (both part of the CNCF). His work and interests gravitate towards observability, especially where microservices, high transaction volumes, and large engineering organizations are involved.

Architectures That Scale Deep - Regaining Control in Deep Systems

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/39SddUL. Victor Dibia provides a friendly introduction to machine learning, covers concrete steps on how front-end developers can create their own ML models and deploy them as part of web applications. He discusses his experience building Handtrack.js - a library for prototyping real time hand tracking interactions in the browser. Filmed at qconsf.com. Victor Dibia is a Research Engineer with Cloudera’s Fast Forward Labs. Prior to this, he was a Research Staff Member at the IBM TJ Watson Research Center, New York. His research interests are at the intersection of human computer interaction, computational social science, and applied AI.

ML in the Browser: Interactive Experiences with Tensorflow.js

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2s9T3Vl. Colin Eberhardt looks at some of the internals of WebAssembly, explores how it works “under the hood”, and looks at how to create a (simple) compiler that targets this runtime. Filmed at qconsf.com. Colin Eberhardt is the Technology Director at Scott Logic, a UK-based software consultancy where they create complex application for their financial services clients. He is an avid technology enthusiast, spending his evenings contributing to open source projects, writing blog posts and learning as much as he can.

Build Your Own WebAssembly Compiler

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2S9tOgy. Satyajit Thadeshwar provides useful insights on how Netflix implemented a secure, token-agnostic, identity solution that works with services operating at a massive scale. He shares some of the lessons learned from this process, both from architectural diagrams and code. Filmed at qconsf.com. Satyajit Thadeshwar is an engineer on the Product Edge Access Services team at Netflix, where he works on some of the most critical services focusing on user and device authentication. He has more than a decade of experience building fault-tolerant and highly scalable, distributed systems.

User & Device Identity for Microservices @ Netflix Scale

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2Ezs08q. Justin Ryan talks about Netflix’ scalability issues and some of the ways they addressed it. He shares successes they’ve had from unintuitively partitioning computation into multiple services to get better runtime characteristics. He introduces us to useful probabilistic data structures, innovative bi-directional data passing, open-source projects available from Netflix that make this all possible. Filmed at qconsf.com. Justin Ryan is Playback Edge Engineering at Netflix. He works on some of the most critical services at Netflix, specifically focusing on user and device authentication. Years of building developer tools has also given him a healthy set of opinions on developer productivity.

Scaling Patterns for Netflix's Edge

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2Z4ZJjn. Kilian Valkhof discusses the process of making an Electron app feel at home on all three platforms: Windows, MacOS and Linux, making devs aware of the pitfalls and how to avoid them. Filmed at qconsf.com. Kilian Valkhof is a Front-end Developer & User-experience Designer at Firstversionist. He writes about various topics, from design to machine learning, on his personal website, kilianvalkhof.com and is a frequent contributer to open source software. He is part of the Electron governance team that oversees the development of the Electron framework.

Make Your Electron App Feel at Home Everywhere

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/344PnB1. Steve Klabnik goes over the deep details of how async/await works in Rust, covering concepts like coroutines, generators, stack-less vs stack-ful, "pinning", and more. Filmed at qconsf.com. Steve Klabnik is on the core team of Rust, leads the documentation team, and is an author of "The Rust Programming Language." He is a frequent speaker at conferences and is a prolific open source contributor, previously working on projects such as Ruby and Ruby on Rails.

The Talk You've Been Await-ing For

C4Media

Future of Data Engineering

C4Media

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2rm4hFD. Yevgeniy Brikman talks about how to write automated tests for infrastructure code, including the code written for use with tools such as Terraform, Docker, Packer, and Kubernetes. Topics covered include: unit tests, integration tests, end-to-end tests, dependency injection, test parallelism, retries and error handling, static analysis, property testing and CI / CD for infrastructure code. Filmed at qconsf.com. Yevgeniy Brikman is the co-founder of Gruntwork, a company that provides DevOps as a Service. He is the author of two books published by O'Reilly Media: Hello, Startup and Terraform: Up & Running. Previously, he worked as a software engineer at LinkedIn, TripAdvisor, Cisco Systems, and Thomson Financial.

Automated Testing for Terraform, Docker, Packer, Kubernetes, and More

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2NzKMjY. Conal Scanlon talks about why traditional tactics - ones that have been around since the 19th century - don't always help build a better product, and explores what characteristics are common to both delivery and discovery teams. He talks about his experiences in fledgling startups, successful companies, and larger enterprises, and uses these examples to introduce dual-track development. Filmed at qconnewyork.com. Conal Scanlon is a Product Manager at Handshake, helping B2B distributors and manufacturers get their products to every shelf, everywhere. He has several years of experience in software development (mainly Ruby on Rails) and Agile leadership roles in private sector and government contracting, as well a brief foray in management consulting.

Navigating Complexity: High-performance Delivery and Discovery Teams

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/34ipw9f. Stan Rosenberg explores a set of core building blocks exhibited by Adtech platforms and applies them towards building a fraud detection platform. After addressing performance, he touches on the key attributes of system reliability and quality in an Adtech system. He concludes with many insights learned from building one of the leading fraud detection platforms from the ground up. Filmed at qconnewyork.com. Stan Rosenberg currently heads up engineering at Forensiq - a leading fraud detection platform for online advertising. Prior to Forensiq, he built distributed platforms for startups.

High Performance Cooperative Distributed Systems in Adtech

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2PeX3wC. Steve Klabnik gives an overview of Rust’s history, diving into the technical details of how the design has changed, and talks about the difficulties of adding a major new feature to a programming language. Filmed at qconnewyork.com. Steve Klabnik is on the core team of Rust, leads the documentation team, and is an author of "The Rust Programming Language”. He is a frequent speaker at conferences and is a prolific open source contributor, previously working on projects such as Ruby and Ruby on Rails.

Rust's Journey to Async/await

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2B24UoY. Bernd Rücker goes over the concepts, the advantages, and the pitfalls of event-driven utopia. He shares real-life stories or points to source code examples. Filmed at qconnewyork.com. Bernd Rücker is co-founder and developer advocate at Camunda. Previously, he has helped automating highly scalable core workflows at global companies including T-Mobile, Lufthansa, Zalando. He is currently focused on new workflow automation paradigms that fit into modern architectures around distributed systems, microservices, domain-driven design, event-driven architecture and reactive systems.

Opportunities and Pitfalls of Event-Driven Utopia

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2mAKgJi. Ian Nowland and Joel Barciauskas talk about the challenges Datadog faces as the company has grown its real-time metrics systems that collect, process, and visualize data to the point they now handle trillions of points per day. They also talk about how the architecture has evolved, and what they are looking to in the future as they architect for a quadrillion points per day. Filmed at qconnewyork.com. Ian Nowland is the VP Engineering Metrics and Alerting at Datadog. Joel Barciauskas currently leads Datadog's distribution metrics team, providing accurate, low latency percentile measures for customers across their infrastructure.

Datadog: a Real-Time Metrics Database for One Quadrillion Points/Day

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2oP4qzP. Bert Ertman goes beyond the hype of being Cloud-native and focuses instead on what being Cloud-native actually requires in terms of skills and experience for Java Developers and how it affects and impacts traditional systems design. Filmed at qconnewyork.com. Bert Ertman is VP of Technology at Luminis. He is a frequent speaker on Java, Cloud, and software architecture all over the world, book author, and serial conference organizer. He was awarded the coveted title of Java Champion in 2008, and is a JavaOne RockStar speaker and a two-fold Duke’s Choice Award winner.

Are We Really Cloud-Native?

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2nZwuQF. Peter Mattis talks about how Cockroach Labs addressed the complexity of distributed databases with CockroachDB. He gives a tour of CockroachDB’s internals, covering the usage of Raft for consensus, the challenges of data distribution, distributed transactions, distributed SQL execution, and distributed SQL optimizations. Filmed at qconnewyork.com. Peter Mattis is the co-founder of Cockroach Labs where he works on a bit of everything, from low-level optimization of code to refining the overall design. He has worked on distributed systems, designing and implementing the original Gmail back-end search and storage system at Google and designing and implementing Colossus, the successor to Google's original distributed file system.

CockroachDB: Architecture of a Geo-Distributed SQL Database

C4Media

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2lbrffT. Celia Kung talks about Brooklin – LinkedIn’s managed data streaming service that supports multiple pluggable sources and destinations, which can be data stores or messaging systems. She dives deeper into Brooklin’s architecture and use cases, as well as their future plans. Filmed at qconnewyork.com. Celia Kung manages the data pipelines team at LinkedIn. Previously, she was the lead engineer for building Oracle change-data capture support for Brooklin, as well as a new Kafka mirroring solution that has fully replaced Kafka MirrorMaker at LinkedIn.

A Dive into Streams @LinkedIn with Brooklin

C4Media

Plus de C4Media (20)

Shifting Left with Cloud Native CI/CD

CI/CD for Machine Learning

Fault Tolerance at Speed

Architectures That Scale Deep - Regaining Control in Deep Systems

ML in the Browser: Interactive Experiences with Tensorflow.js

Build Your Own WebAssembly Compiler

User & Device Identity for Microservices @ Netflix Scale

Scaling Patterns for Netflix's Edge

Make Your Electron App Feel at Home Everywhere

The Talk You've Been Await-ing For

Future of Data Engineering

Automated Testing for Terraform, Docker, Packer, Kubernetes, and More

Navigating Complexity: High-performance Delivery and Discovery Teams

High Performance Cooperative Distributed Systems in Adtech

Rust's Journey to Async/await

Opportunities and Pitfalls of Event-Driven Utopia

Datadog: a Real-Time Metrics Database for One Quadrillion Points/Day

Are We Really Cloud-Native?

CockroachDB: Architecture of a Geo-Distributed SQL Database

A Dive into Streams @LinkedIn with Brooklin

Dernier

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Real Time Object Detection Using Open CV

Khem

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Dernier (20)

GenAI Risks & Security Meetup 01052024.pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Data Cloud, More than a CDP by Matt Robison

Scaling API-first – The story of a global engineering organization

Driving Behavioral Change for Information Management through Data-Driven Gree...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

The 7 Things I Know About Cyber Security After 25 Years | April 2024

How to Troubleshoot Apps for the Modern Connected Worker

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Boost Fertility New Invention Ups Success Rates.pdf

Handwritten Text Recognition for manuscripts and early printed texts

Apidays New York 2024 - The value of a flexible API Management solution for O...

Finology Group – Insurtech Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Artificial Intelligence: Facts and Myths

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Real Time Object Detection Using Open CV

Powerful Google developer tools for immediate impact! (2023-24 C)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bigger, Faster and More Secure

1. @lady_nerd laura@safestack.io https://safestack.io

2. InfoQ.com: News & Community Site Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ security-future-systems • Over 1,000,000 software developers, architects and CTOs read the site worldwide every month • 250,000 senior developers subscribe to our weekly newsletter • Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese) • Post content from our QCon conferences • 2 dedicated podcast channels: The InfoQ Podcast, with a focus on Architecture and The Engineering Culture Podcast, with a focus on building • 96 deep dives on innovative topics packed as downloadable emags and minibooks • Over 40 new content items per week

3. Purpose of QCon - to empower software development by facilitating the spread of knowledge and innovation Strategy - practitioner-driven conference designed for YOU: influencers of change and innovation in your teams - speakers and topics driving the evolution and innovation - connecting and catalyzing the influencers and innovators Highlights - attended by more than 12,000 delegates since 2007 - held in 9 cities worldwide Presented at QCon London www.qconlondon.com

4. In this talk Fear and loathing Examining the root of fear and it’s effects Fear-based architecture and antipatterns Fear leads to anger, anger leads to hatred…. Fearless security patterns and approaches Deconstructing the scared and building the secure

5. Fear and loathing

7. Words Matter Threat Intelligence Kill Chain Advanced Persistent Threat Cyber War Zero-day Threat actor Firewall Brute-force Weaponized content

8. The more scared we are The more scared we get

9. In a nationally representative sample of Americans (fear increased risk estimates and plans for precautionary measures;

10.

11. Fight Flight Freeze

12. Because these cues were associated with previous danger, the brain may see them as a predictor of threat.

13. Fear-based architecture and antipatterns

14. Castles

15.

16. Layered defences create an expectation of safety, managed by someone or something else.

17. Defences can be challenged by Deployment Integrations Deconstruction Distribution

18. Gatekeepers

19.

20. Gatekeepers place the responsibility on the user to prove that they are not malicious

21. Innocent people try hard to be honest and incriminate themselves Malicious people follow the rules, don’t draw attention

22.

23. Scar Tissue

24.

25. Scar tissue is a defence that forms where we have previously been hurt

26.

27. Signs that your defence might be scar tissue Not-measurable Acute Useless Specific Exclusionary Arbitrary

28. Fearless security patterns and approaches

29. Castles Tiny Houses

30. Small, simple and focused on functionality

31.

32. Small Frequently deployed Independent Monitored Consistent Assume failure Evaluated and updated

33. Gatekeepers Guardians

34. Guardians monitor and respond

35.

36. Honey pit: An intentional vulnerability in an application that traps an attacker Bermudez Honey pot: An intentionally vulnerable host in a network that alerts when attacked https://canary.tools

37. Scar Tissue Intelligent Defences

38. Be aware and challenge your own bubble

39. Build defences that Focus on usability and accessibility Allow for monitoring and response Subject to regular evaluation

40.

41. TL;DR Fear and loathing Examining the root of fear and it’s effects Fear-based architecture and antipatterns Fear leads to anger, anger leads to hatred…. Fearless security patterns and approaches Deconstructing the scared and building the secure

42. @lady_nerd laura@safestack.io https://safestack.io

43. Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ security-future-systems

Bigger, Faster and More Secure

Recommandé

Recommandé

Contenu connexe

Plus de C4Media

Plus de C4Media (20)

Dernier

Dernier (20)

Bigger, Faster and More Secure