Security: Stop sucking Portland DevOps Days Ignite

My talk on security and making it more devops magic.

  1. SECURITY: STOP SUCKING! @benjammingh ben@etsy.com Sunday, 3 November 13
  2. Security persons! STOP BEING SO NEGATIVE! (yes I realise that is a negative thing to say)
  3. SECURITY: BE MORE POSITIVE AND WORK WITH PEOPLE! @benjammingh ben@etsy.com
  4. Be excellent to each other. Devops: It’s all about the tools. (Spoiler alert, it’s not. It never has been. It’s about the people...) But you knew that already ...right?
  5. Reducing barriers. Having an approachable security team is the most important thing they can do. The second you lose the ability to talk to them about anything, you effectively lose your security team.
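  6. Understanding

         #include <string.h>

         /* Deliberately vulnerable: unchecked copy into a 16-byte stack buffer. */
         void function(char *str) {
             char buffer[16];

             strcpy(buffer, str);        /* no bounds check: overflows buffer */
         }

         int main(void) {
             char large_string[256];
             int i;

             for (i = 0; i < 255; i++)
                 large_string[i] = 'A';
             large_string[255] = '\0';   /* terminate so strcpy copies 255 bytes */

             function(large_string);
             return 0;
         }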
  7. Yoghurt? Bootcamping: not as unfriendly as it sounds.
     • New hires go sit with other teams when they start.
     • Builds inter-team bonds.
     • Means you know who to talk to.
  8. Pairing https://www.etsy.com/listing/90804041/birthday-gift-handmade-polymer-clay
  9. Culture Club! “But we’re only small” Then you’re doing this already! *golf clap*
  10. Testing *taps mic* You can unit test your application and your infrastructure for security! Wait, someone already gave this talk: http://www.slideshare.net/nickgsuperstar/devopssec-apply-devops-principles-to-security/32 Thanks NickG!
  11. Stop saying “No!” https://www.etsy.com/listing/160452502/say-yes-8x10-typography-inspirational
  12. User Experience
     • Make security the default.
     • Make security easy.
     • Cut people a break.
  13. Awkward? For an Englishman? -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.15 (Darwin) jA0EAwMCIYkQUL8A8FxgySXGJ5+z6ixZ q7ng0FRKqH3oZH2810f1y2lieP2YjzTS eO1d+msE =9wk/ -----END PGP MESSAGE-----
  14. Two fact[eo]rs. Easy security wins: Two factor authentication
     • Duo - https://www.duosecurity.com/
     • Authy - https://www.authy.com/
     • Google - http://goo.gl/hvre2D
     • YubiKey - https://www.yubico.com/
  15. Cut people a break? Yes, a security person just said that! Giving people a way of going: “Yeah, I will do that thing, but I need to do my work first.”
  16. Software updates
  17. Phishing “If you go from being 36% on fire to 27% on fire you're still on fire” - Zane Lackey
  18. I’d buy that for a dollar! Given the choice between and http://codeascraft.com/2013/08/09/mobile-device-lab/
  19. Openness
     • Invite anyone and everyone to your security postmortem. (in your company)
     • Let anyone come to your internal security reviews/post-pen-test.
     • Remove names, as it’s not about who, it’s about how.
  20. Fin (also, we are hiring...)
