Talks & Articles
You can find here links to talks I’ve done in the past, both online and at various venues:
DevSecOps: Shifting Left in Practice @ InfoQ eMag (article)
Was interviewed for InfoQ eMag on the topic of applying Team Topologies to build and develop information security teams. Link here: https://www.infoq.com/minibooks/devsecops-emag/
What if our models of risk are insufficient? Risk modelling in a dynamic environment @ Cloud Security Alliance
Did a talk (cut short as I had tech issues) about different ways to look at information security risk, and why our current models are good but insufficient. https://www.youtube.com/watch?v=uXFA4qAfaVo&t=17309s
DevSecOps: not the tools, the other bits @ InfoQ
Talk for InfoQ focusing on DevSecOps, but avoiding discussion about tools. Link here: https://www.infoq.com/presentations/devsecops-governance-practices-tools/
F5 DevCentral Show: Prepare to D.I.E
Participated in the F5 DevCentral show talking about the CIA and D.I.E. (Distributed, Immutable, Ephemeral) models, and the evolution of the security industry.
SnykCon Expert Panel: DevSecOps for Platform teams: A Discussion on Making it Easy to Do the Right Thing
Was part of an expert panel talking about DevSecOps for Platform teams.
We Hack Purple Podcast Episode 2 with Mario Platt
Conversation about my different roles and experience.
Building Secure Products for Start-ups
Contributed to the Broadlight Global series on helping startups improve their security posture.
Video can be found here: https://www.youtube.com/watch?v=BF1fCfwNhgI
Sensemaking with Cynefin framework @ Open Security Summit 2020
Here, together with Phil Huggins, we provided an introduction to Complex Adaptive Systems and how to manage Cyber Security in each of the framework’s 5 domains, with an exploration of Strategy.
Video: https://www.youtube.com/watch?v=b7r_iunJJ8E&t
Slides: TBC
Event page: https://open-security-summit.org/tracks/miscellaneous/sense-making-with-cynefin-framework/
User Stories and OWASP ASVS (Application Security Verification Standard) @ Open Security Summit 2020
I led a session at the Open Security Summit on what User Stories and Scenario Testing are, why Security Professionals should get more comfortable writing them, and how they can support a transition to writing Compliance as Code checks.
Video can be found here: https://www.youtube.com/watch?v=3fxrHDhvcEw&t=5s
The project now lives at https://github.com/OpenSecuritySummit/project-ASVS-User-Stories
Beating the 1:100 Odds – Team Topologies for Cyber Security @ Open Security Summit 2020
I did a double-act talk alongside Manuel Pais (co-author of Team Topologies book) discussing Team Topologies and how we can apply them to Cyber Security team structures.
Video and slides can be found here: https://www.youtube.com/watch?v=WZAnnSmPG7c&t=1913s
Strategy Development with Wardley Mapping – Applying concepts @ Open Security Summit 2020
In this talk on Wardley mapping without using Wardley maps, I explored mainly the concepts of Doctrine and Climatic Patterns to discuss what I believe are the 4 problems affecting the Cyber Security industry, and my proposals on how to approach them:
- The Communications problem
- The Engineering problem
- The Management problem
- The Skills and Structure problem
Video can be found here: https://www.youtube.com/watch?v=ZcQQ7qxjDEI&t=159s
Using Wardley Mapping for Security Strategy and Architecture @ Open Security Summit 2020
In this talk I discussed how I apply Wardley Mapping to help develop Security Strategy and Security architecture, and where I see both being mutually supportive and how they can benefit from Wardley mapping. I also discussed the evolving role of the Architect in the context of Sociotechnical systems.
Video can be found here: https://www.youtube.com/watch?v=kDs23thv8VE&t=4144s
To DevSecOps or not to DevSecOps: is that a question? @ Open Security Summit 2020
I presented my archetype-based model to discuss the opportunity, challenges and benefits of DevSecOps as a discipline.
We discuss who it’s meant to serve, the 3 different archetypes (Security Unicorns, Gatekeepers and Rainbowmakers) and how we can help each of them with DevSecOps.
Video can be found here: https://www.youtube.com/watch?v=dHkptfSUWlo&t=2506s
To DevSecOps or not to DevSecOps: is that a question? @ Practical DevSecOps Online Meetup
I presented my archetype-based model to discuss the opportunity, challenges and benefits of DevSecOps as a discipline.
We discuss who it’s meant to serve, the 3 different archetypes (Security Unicorns, Gatekeepers and Rainbowmakers) and how we can help each of them with DevSecOps.
Video and slides can be found here: Practical DevSecOps Podcast link
Compliance as Code: The Why, What and How @ OWASP DevSlop Show
Had a great time talking with Nancy Gariche and Nicole Becher about Compliance as Code. It includes a hands-on lab on using Chef InSpec to write Compliance-as-Code checks that you can integrate into your CI/CD pipelines.
Link can be found here: https://www.youtube.com/watch?v=tmlfCc6Ml2k
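The two sessions above (the User Stories and ASVS session, and the Compliance as Code lab) both end at the same place: a requirement written in user-story form that is turned into a check a pipeline can execute. The lab used Chef InSpec; the block below is an added illustration in plain Python, not code from the talk or from this site, so that it runs without InSpec installed. The sshd_config texts and the control IDs (ssh-01 to ssh-03) are constructed for the example.

```python
"""Compliance-as-code checks, written to be run from a CI/CD pipeline.

Each control pairs the plain-language requirement (the user-story form
the sessions above argue security people should write) with a check
that is executed against the configuration under test. The sshd_config
texts and the control IDs below are constructed for this example.
"""
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample: a mostly default sshd_config with one Match block.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config (not from a real host)
Port 22
PermitRootLogin yes
PasswordAuthentication yes   # global setting
X11Forwarding no

Match User deploy
    PasswordAuthentication no
"""

# The same file after hardening; also constructed.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the global directives as a lower-cased keyword -> value map.

    Two details that trip up grep-style checks:
    * sshd honours the *first* value it sees for a keyword, so later
      duplicates must not overwrite earlier ones;
    * directives under a Match block apply only to matching connections,
      so they must not be mistaken for the global setting.
    """
    directives: Dict[str, str] = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True                     # everything after this is conditional
            continue
        if in_match:
            continue
        directives.setdefault(key, value)       # first value wins, as in sshd
    return directives


@dataclass(frozen=True)
class Control:
    control_id: str                            # hypothetical IDs, e.g. "ssh-01"
    story: str                                 # the requirement in user-story form
    check: Callable[[Dict[str, str]], bool]    # executable form of the same requirement


def _is_no(directives: Dict[str, str], key: str, default: str) -> bool:
    # An absent keyword takes the stated default; values compare case-insensitively.
    return directives.get(key, default).lower() == "no"


CONTROLS: List[Control] = [
    Control(
        "ssh-01",
        "As an operator I want direct root login over SSH disabled, "
        "so that every privileged action is tied to a named account.",
        # The default varies between OpenSSH versions, so an absent directive fails closed.
        lambda d: _is_no(d, "permitrootlogin", default="yes"),
    ),
    Control(
        "ssh-02",
        "As an operator I want password authentication disabled globally, "
        "so that only key-based logins are possible.",
        lambda d: _is_no(d, "passwordauthentication", default="yes"),
    ),
    Control(
        "ssh-03",
        "As an operator I want X11 forwarding disabled, "
        "so that the server does not proxy GUI traffic.",
        # OpenSSH defaults X11Forwarding to no, so an absent directive passes.
        lambda d: _is_no(d, "x11forwarding", default="no"),
    ),
]


def run_controls(config_text: str) -> List[Tuple[str, bool]]:
    """Evaluate every control against the parsed config; returns (id, passed) pairs."""
    directives = parse_sshd_config(config_text)
    return [(c.control_id, c.check(directives)) for c in CONTROLS]


def exit_code(results: List[Tuple[str, bool]]) -> int:
    """Non-zero when any control fails, so a pipeline stage can gate on it."""
    return 0 if all(passed for _, passed in results) else 1


if __name__ == "__main__":
    results = run_controls(SAMPLE_SSHD_CONFIG)
    for (cid, passed), control in zip(results, CONTROLS):
        print(f"{cid}: {'PASS' if passed else 'FAIL'}  {control.story}")
    sys.exit(exit_code(results))
```

Run against the sample, ssh-02 fails even though the Match block sets PasswordAuthentication to no, because that line only applies to the deploy user; a check that grepped for the keyword would have reported a false pass. The non-zero exit code is what lets the same script sit as a gating step in a pipeline.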
Compliance as Code @ Dev and Test Meetup Brighton
Did a talk on Compliance as Code, talking about what it can do for you and how it can help communication between different teams.
Link can be found here: https://vimeo.com/365475939
Security Strategy Frames @ Dev and Test Meetup Cambridge
In this talk, I introduced several frames to discuss Security Strategy.
These included Wardley Mapping, the Cynefin framework, the Cyber Defense Matrix and Cloud Native, among others.
Link can be found here: https://vimeo.com/394380134
Shared Responsibility Model @ Dev and Test Meetup Brighton
In this talk I discuss the Azure Shared Responsibility Model and what is left to the customer to do from a security perspective, so that we understand our responsibilities when using those services.
Video can be found here: https://vimeo.com/287813115
Implicit Guidance, OODA loop and Cynefin Framework @ Hired Thought Podcast
Here I had a great time talking with Ben Mosior and Ben Ford about many things OODA and Cynefin framework.
Video can be found here: https://www.youtube.com/watch?v=YI1G5LgeOak&t=3246s
Pushing Left Like a Boss @ Dev and Test Meetup Reading
At the Reading Dev and Test meetup, I gave Tanya Janca’s talk “Pushing Left Like a Boss”, which she has licensed as Open Source.
Evolution-informed Security Strategy @ LearnWardleyMapping Community
Here I talked about an approach to developing Security Strategy that takes Evolution into account, using principles from Wardley mapping among others.
Video can be found here: https://www.youtube.com/watch?v=PwEjpgxRVCE&t=5274s