Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)

Dinis Cruz
Chief Scientist at Glasswall and CISO at Holland and Barrett
Apr. 9, 2019
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)
1 of 73

Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)

Apr. 9, 2019
Download to read offline
Internet

Presented at OWASP London chapter meeting - April 2019

Dinis Cruz
Chief Scientist at Glasswall and CISO at Holland and Barrett

Recommended

Modern security using graphs, automation and data scienceModern security using graphs, automation and data science
Modern security using graphs, automation and data scienceDinis Cruz1.1K views121 slides
Dinis Cruz (CV) - CISO and Transformation Agent v1.2Dinis Cruz (CV) - CISO and Transformation Agent v1.2
Dinis Cruz (CV) - CISO and Transformation Agent v1.2Dinis Cruz1.7K views12 slides
My presentationMy presentation
My presentationPetraVukmirovic703 views10 slides
Using Wardley Maps to Understand Security's Landscape and StrategyUsing Wardley Maps to Understand Security's Landscape and Strategy
Using Wardley Maps to Understand Security's Landscape and StrategyDinis Cruz3.6K views114 slides
SC conference - Building AppSec TeamsSC conference - Building AppSec Teams
SC conference - Building AppSec TeamsDinis Cruz2.1K views75 slides
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant3.3K views36 slides

More Related Content

Slideshows for you

How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOpsCYBRIC843 views27 slides
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi175 views23 slides
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP7.1K views37 slides
Platform engineeringPlatform engineering
Platform engineeringPrasanna Venkatesan549 views12 slides
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash454 views46 slides
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett4.3K views98 slides

Slideshows for you(20)

How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC843 views
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
Siddharth Joshi175 views
DevSecOps 101DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP7.1K views
Platform engineeringPlatform engineering
Platform engineering
Prasanna Venkatesan549 views
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
Priyanka Aash454 views
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett4.3K views
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic 9.9K views
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services6K views
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime251 views
Software Security MetricsSoftware Security Metrics
Software Security Metrics
Cigital3.6K views
AppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure SuccessAppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure Success
AppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure Success
Robert Grupe, CSSLP CISSP PE PMP463 views
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma526 views
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype 4.8K views
State of the Cloud 2023State of the Cloud 2023
State of the Cloud 2023
Bessemer Venture Partners14.3K views
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels12.9K views
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
Stefan Streichsbier1.6K views
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee1.7K views
SecDevOpsSecDevOps
SecDevOps
Peter Lamar1.4K views
Fallacies in Platform Engineering.pdfFallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdf
LibbySchulze63 views
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray2.8K views

Similar to Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)

Thinking in GraphsThinking in Graphs
Thinking in GraphsOpen Security Summit 427 views95 slides
Thinking in graphs v1.0Thinking in graphs v1.0
Thinking in graphs v1.0Dinis Cruz1.8K views95 slides
Offload, Transform, and Present - The New World of Data IntegrationOffload, Transform, and Present - The New World of Data Integration
Offload, Transform, and Present - The New World of Data Integrationgluent.595 views70 slides
Building and deploying a predictive model in Azure Machine LearningBuilding and deploying a predictive model in Azure Machine Learning
Building and deploying a predictive model in Azure Machine LearningFrederic Simard57 views22 slides
Changing mindset&culture when implementing IAASChanging mindset&culture when implementing IAAS
Changing mindset&culture when implementing IAASJan Wiersma321 views18 slides
Linkurious Enterprise: graph visualization platform neo4jLinkurious Enterprise: graph visualization platform neo4j
Linkurious Enterprise: graph visualization platform neo4jLinkurious2.6K views16 slides

Similar to Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)(20)

Thinking in GraphsThinking in Graphs
Thinking in Graphs
Open Security Summit 427 views
Thinking in graphs v1.0Thinking in graphs v1.0
Thinking in graphs v1.0
Dinis Cruz1.8K views
Offload, Transform, and Present - The New World of Data IntegrationOffload, Transform, and Present - The New World of Data Integration
Offload, Transform, and Present - The New World of Data Integration
gluent.595 views
Building and deploying a predictive model in Azure Machine LearningBuilding and deploying a predictive model in Azure Machine Learning
Building and deploying a predictive model in Azure Machine Learning
Frederic Simard57 views
Changing mindset&culture when implementing IAASChanging mindset&culture when implementing IAAS
Changing mindset&culture when implementing IAAS
Jan Wiersma321 views
Linkurious Enterprise: graph visualization platform neo4jLinkurious Enterprise: graph visualization platform neo4j
Linkurious Enterprise: graph visualization platform neo4j
Linkurious2.6K views
Forecast 2014: Open Your DatacenterForecast 2014: Open Your Datacenter
Forecast 2014: Open Your Datacenter
Open Data Center Alliance494 views
Overcoming Business Challenges with AzureOvercoming Business Challenges with Azure
Overcoming Business Challenges with Azure
run_frictionless89 views
10 Keynotes in STRATA and HADOOP World Conference10 Keynotes in STRATA and HADOOP World Conference
10 Keynotes in STRATA and HADOOP World Conference
KCC Software Ltd. & Easylearning.guru253 views
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22
Thoughtworks1.3K views
Tech Days Sweden - Power BI - A look into the future with mixed realityTech Days Sweden - Power BI - A look into the future with mixed reality
Tech Days Sweden - Power BI - A look into the future with mixed reality
Ida Bergum198 views
The Making of a simple Cyber Threat Intelligence Gathering SystemThe Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering System
Niran Seriki, CCISO, CISM1.3K views
Cutting through the hype - how to use advanced analytics to do practical thin...Cutting through the hype - how to use advanced analytics to do practical thin...
Cutting through the hype - how to use advanced analytics to do practical thin...
Association for Project Management 392 views
APM PMC SIG conference 2021, Project controls: but not as we know it, Close o...APM PMC SIG conference 2021, Project controls: but not as we know it, Close o...
APM PMC SIG conference 2021, Project controls: but not as we know it, Close o...
Association for Project Management 192 views
DevSecOps - Colocando segurança na esteiraDevSecOps - Colocando segurança na esteira
DevSecOps - Colocando segurança na esteira
Diego Gabriel Cardoso474 views
Xoriant CDi Data As Service Webinar - Part 1Xoriant CDi Data As Service Webinar - Part 1
Xoriant CDi Data As Service Webinar - Part 1
Xoriant CDi 373 views
ORX Risk Innovation and introducing iDP (Innovation Data Platform).pdfORX Risk Innovation and introducing iDP (Innovation Data Platform).pdf
ORX Risk Innovation and introducing iDP (Innovation Data Platform).pdf
RachelFreegard140 views
How to harness big data to drive performance across your project portfolioHow to harness big data to drive performance across your project portfolio
How to harness big data to drive performance across your project portfolio
Smart ERP Solutions, Inc.281 views
Videbligo - Presentation.pdfVidebligo - Presentation.pdf
Videbligo - Presentation.pdf
Eric Walker5 views
Software Engineering Capstone SWE 481 Group 4 Group Project Phase 5Software Engineering Capstone SWE 481 Group 4 Group Project Phase 5
Software Engineering Capstone SWE 481 Group 4 Group Project Phase 5
Jim Richardson2.1K views

More from Dinis Cruz

Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)
Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)Dinis Cruz765 views31 slides
Glasswall - Safety and Integrity Through Trusted FilesGlasswall - Safety and Integrity Through Trusted Files
Glasswall - Safety and Integrity Through Trusted FilesDinis Cruz737 views20 slides
Glasswall - How to Prevent, Detect and React to Ransomware incidentsGlasswall - How to Prevent, Detect and React to Ransomware incidents
Glasswall - How to Prevent, Detect and React to Ransomware incidentsDinis Cruz773 views54 slides
The benefits of police and industry investigation - NPCC ConferenceThe benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC ConferenceDinis Cruz358 views70 slides
Serverless Security Workflows - cyber talks - 19th nov 2019Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019Dinis Cruz764 views68 slides
Making fact based decisions and 4 board decisions (Oct 2019)Making fact based decisions and 4 board decisions (Oct 2019)
Making fact based decisions and 4 board decisions (Oct 2019)Dinis Cruz1.2K views44 slides

More from Dinis Cruz(20)

Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)
Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling)
Dinis Cruz765 views
Glasswall - Safety and Integrity Through Trusted FilesGlasswall - Safety and Integrity Through Trusted Files
Glasswall - Safety and Integrity Through Trusted Files
Dinis Cruz737 views
Glasswall - How to Prevent, Detect and React to Ransomware incidentsGlasswall - How to Prevent, Detect and React to Ransomware incidents
Glasswall - How to Prevent, Detect and React to Ransomware incidents
Dinis Cruz773 views
The benefits of police and industry investigation - NPCC ConferenceThe benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC Conference
Dinis Cruz358 views
Serverless Security Workflows - cyber talks - 19th nov 2019Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019
Dinis Cruz764 views
Making fact based decisions and 4 board decisions (Oct 2019)Making fact based decisions and 4 board decisions (Oct 2019)
Making fact based decisions and 4 board decisions (Oct 2019)
Dinis Cruz1.2K views
CISO Application presentation - Babylon health securityCISO Application presentation - Babylon health security
CISO Application presentation - Babylon health security
Dinis Cruz4K views
Using OWASP Security Bot (OSBot) to make Fact Based Security DecisionsUsing OWASP Security Bot (OSBot) to make Fact Based Security Decisions
Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions
Dinis Cruz2.2K views
GSBot Commands (Slack Bot used to access Jira data)GSBot Commands (Slack Bot used to access Jira data)
GSBot Commands (Slack Bot used to access Jira data)
Dinis Cruz589 views
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6 (OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
(OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6
Dinis Cruz1.5K views
OSBot - Data transformation workflow (from GSheet to Jupyter)OSBot - Data transformation workflow (from GSheet to Jupyter)
OSBot - Data transformation workflow (from GSheet to Jupyter)
Dinis Cruz738 views
Jira schemas - Open Security Summit (Working Session 21th May 2019)Jira schemas - Open Security Summit (Working Session 21th May 2019)
Jira schemas - Open Security Summit (Working Session 21th May 2019)
Dinis Cruz621 views
Template for "Sharing anonymised risk theme dashboards v0.8"Template for "Sharing anonymised risk theme dashboards v0.8"
Template for "Sharing anonymised risk theme dashboards v0.8"
Dinis Cruz447 views
Owasp and summits (may 2019)Owasp and summits (may 2019)
Owasp and summits (may 2019)
Dinis Cruz308 views
Open security summit 2019 owasp london 25th febOpen security summit 2019 owasp london 25th feb
Open security summit 2019 owasp london 25th feb
Dinis Cruz573 views
Owasp summit 2019 - OWASP London 25th febOwasp summit 2019 - OWASP London 25th feb
Owasp summit 2019 - OWASP London 25th feb
Dinis Cruz153 views
Evolving challenges for modern enterprise architectures in the age of APIsEvolving challenges for modern enterprise architectures in the age of APIs
Evolving challenges for modern enterprise architectures in the age of APIs
Dinis Cruz195 views
How to not fail at security data analytics (by CxOSidekick)How to not fail at security data analytics (by CxOSidekick)
How to not fail at security data analytics (by CxOSidekick)
Dinis Cruz329 views
Open Security Summit - April 2018 Open Security Summit - April 2018
Open Security Summit - April 2018
Dinis Cruz340 views
Using security to drive chaos engineering - April 2018Using security to drive chaos engineering - April 2018
Using security to drive chaos engineering - April 2018
Dinis Cruz832 views

Recently uploaded

The YAMZ MetadictionaryThe YAMZ Metadictionary
The YAMZ MetadictionaryJohn Kunze9 views9 slides
办理英国圣安德鲁斯大学毕业证原版一模一样办理英国圣安德鲁斯大学毕业证原版一模一样
办理英国圣安德鲁斯大学毕业证原版一模一样uncesxy4 views1 slide
办美国本科毕业证实拍图毕业证本科硕士文凭哪家好办美国本科毕业证实拍图毕业证本科硕士文凭哪家好
办美国本科毕业证实拍图毕业证本科硕士文凭哪家好sovcyuv3 views1 slide
Release Notes.docRelease Notes.doc
Release Notes.docGigiKent177 views61 slides
Dokumen.docxDokumen.docx
Dokumen.docxWILIAN728 views1 slide
《留学辍学》《精仿查尔斯特大学毕业证学位证书》《留学辍学》《精仿查尔斯特大学毕业证学位证书》
《留学辍学》《精仿查尔斯特大学毕业证学位证书》gcafbox3 views1 slide

Recently uploaded(20)

The YAMZ MetadictionaryThe YAMZ Metadictionary
The YAMZ Metadictionary
John Kunze9 views
办理英国圣安德鲁斯大学毕业证原版一模一样办理英国圣安德鲁斯大学毕业证原版一模一样
办理英国圣安德鲁斯大学毕业证原版一模一样
uncesxy4 views
办美国本科毕业证实拍图毕业证本科硕士文凭哪家好办美国本科毕业证实拍图毕业证本科硕士文凭哪家好
办美国本科毕业证实拍图毕业证本科硕士文凭哪家好
sovcyuv3 views
Release Notes.docRelease Notes.doc
Release Notes.doc
GigiKent177 views
Dokumen.docxDokumen.docx
Dokumen.docx
WILIAN728 views
《留学辍学》《精仿查尔斯特大学毕业证学位证书》《留学辍学》《精仿查尔斯特大学毕业证学位证书》
《留学辍学》《精仿查尔斯特大学毕业证学位证书》
gcafbox3 views
澳洲阿伯泰邓迪大学毕业证学位证办理方法澳洲阿伯泰邓迪大学毕业证学位证办理方法
澳洲阿伯泰邓迪大学毕业证学位证办理方法
gonksoe3 views
原版定制:英国赫尔大学毕业证书案例原版定制:英国赫尔大学毕业证书案例
原版定制:英国赫尔大学毕业证书案例
gonksoe3 views
留学罗格斯大学纽瓦克分校须知:如何办理毕业证书、学位证书?留学罗格斯大学纽瓦克分校须知:如何办理毕业证书、学位证书?
留学罗格斯大学纽瓦克分校须知:如何办理毕业证书、学位证书?
vnpazuc4 views
办理英国曼彻斯特城市大学毕业证原版一模一样办理英国曼彻斯特城市大学毕业证原版一模一样
办理英国曼彻斯特城市大学毕业证原版一模一样
uncesxy3 views
快速办理布鲁内尔大学毕业证学位证书快速办理布鲁内尔大学毕业证学位证书
快速办理布鲁内尔大学毕业证学位证书
yovuyhp3 views
加拿大假文凭价格谢布克大学毕业证学位证书加拿大假文凭价格谢布克大学毕业证学位证书
加拿大假文凭价格谢布克大学毕业证学位证书
dadot23 views
办美国大学毕业证学位证圣约翰大学毕业证制作|办美国大学毕业证学位证圣约翰大学毕业证制作|
办美国大学毕业证学位证圣约翰大学毕业证制作|
vweuwx3 views
Emailidator - Validate email addressEmailidator - Validate email address
Emailidator - Validate email address
Email Iditor6 views
巴塞罗那自治大学文凭认证真实留信网认证巴塞罗那自治大学文凭认证真实留信网认证
巴塞罗那自治大学文凭认证真实留信网认证
dadot23 views
Richard - MedComNet Panel - Final Version.pdfRichard - MedComNet Panel - Final Version.pdf
Richard - MedComNet Panel - Final Version.pdf
Richard Renwei Li4 views
Richard - IFIP Networking 2021 - Panel.pdfRichard - IFIP Networking 2021 - Panel.pdf
Richard - IFIP Networking 2021 - Panel.pdf
Richard Renwei Li4 views
买毕业证靠谱吗达特茅斯学院毕业证成绩单买毕业证靠谱吗达特茅斯学院毕业证成绩单
买毕业证靠谱吗达特茅斯学院毕业证成绩单
gonksoe4 views
靠谱!网上买新墨西哥大学毕业证书和学位证书靠谱!网上买新墨西哥大学毕业证书和学位证书
靠谱!网上买新墨西哥大学毕业证书和学位证书
ktykyb3 views
意大利意大利罗马一大毕业证、学位证原版制作意大利意大利罗马一大毕业证、学位证原版制作
意大利意大利罗马一大毕业证、学位证原版制作
vweuwx3 views

Creating a graph based security organisation - Apr 2019 (OWASP London chapter meeting)

  1. Creating a graph-based security organisation Dinis Cruz dinis.cruz@photobox.com OWASP London Chapter meeting April / 2019
  2. 2
  3. What are Security’s meta objectives ● Allowing the business to execute it’s mission and objectives within their ‘accepted risk level’ ● Allowing the business to make FACT and RISK based decisions ● Improving the business’ ability to deploy changes and enabling it to ‘move faster’ ● Allowing the business to understand better how it behaves and what are the side effects of it’s actions/decisions ● Increasing the cost of malicious entities to execute their objectives ● Effectively handling incidents and preventing crisis ● Making compliance easy ● Enabling the business to think in ‘Graphs’ 3
  4. Security is a major agent of change (just about everything we do requires a change request) 4
  5. Security is at the epicentre of data (we can get data feeds from everywhere) 5
  6. Data is not linear or tabular Data is hyperlinked and relational 6
  7. Only effective solution is to: Manage and visualise data as a Graph … 7
  8. …and to create a Graph based security organisation 8
  9. How we did it 9
  10. 10 It all started with this RISK Workflow
  11. 11 Now refactored to
  12. 12 We use JIRA as a Graph Database
  13. We created a serverless workflow Graph database Queryable data store Lambda functions Command line / feedback loop Our hyperlinked security taxonomy... ...is dumped every few seconds into ELK... ...made queryable by code functions... ...with the user journey all in Slack.
  14. 14 We sync all JIRA data into Elastic Stack
  15. 15 We use a Slack bot to access the data
  16. 16 Searching Jira and rendering plantuml
  17. 17 PlantUML graphs from JIRA data
  18. 19 Mapping projects to OKRs
  19. 20 Mapping Services to Roles
  20. 2 Multiple ways to Visualise data
  21. 22 The Universe
  22. Work done yesterday
  23. Work done last week
  24. ‘ The Bicycle
  25. ‘ Spot the bad mappings
  26. 27 A sail of a boat or Music Equalizer
  27. ‘ My Brain on Friday
  28. Where is Everybody?
  29. Funny ones
  30. ‘Wardley Maps’
  31. Automatic generation of Slides 3
  32. 33 Creating slides and pdfs from GS Bot
  33. 34
  34. 35
  35. 36
  36. 37
  37. 38
  38. 39
  39. Syncing Google Sheets with Jira 4
  40. Meet Maeve
  41. Demo 42
  42. Syncing Google Sheets With Jira OWASP Demo Maeve Scarry 4th April 2019
  43. 1 Create ticket in Jira
  44. 2 Create tasks
  45. 3 Column view
  46. 4 Spider view
  47. 5 Graph view
  48. 6 Table view
  49. 7 Creating a Google Sheet
  50. 8 Google Sheet
  51. 9 Editing the Sheet
  52. 10 Editing the Sheet
  53. 11 Syncing Google Sheets to Jira
  54. 12 Final Jira View
  55. Rendering Sheets and Slides in Slack 5
  56. Consume materials created in Slack
  57. Empowering the business to make Fact based Security Decisions 5
  58. 59 Risk Dashboards (from Jira Data) Maturity DEMO DATA
  59. 60 Show Risk evolution FY18 (score of 45) FY18 (score of 55) Maturity DEMO DATA
  60. 61 Show Risk Delta (Risk impact of decisions) DEMO DATA
  61. Show me the code 62
  62. Most of the code is on GitHub
  63. Broken down in modules(build using AWS CodeBuild)
  64. Please contribute and participante in the conversation 6
  65. Ok, how can I learn more about this? And where can I try it? 66
  66. Open Security Summit 2019 https://docs.google.com/presentation/d/1GlCvPmBHqcn_VA1ciVirgkoP1RSkSccHhd_Wx1BaG4s/edit#slide=id.p1
  67. The place to be to collaborate https://docs.google.com/presentation/d/1GlCvPmBHqcn_VA1ciVirgkoP1RSkSccHhd_Wx1BaG4s/edit#slide=id.p1
  68. Last year’s action
  69. Buy your ticket now! (we are running out of villas) https://open-security-summit.org/
  70. Also available at https://z-developers.com/ Read the ‘Generation Z Developers’ https://leanpub.com/generation-z/ https://github.com/DinisCruz/Book_Generation_Z_Developer
  71. 72 Further reading https://www.youtube.com/watch?v=xwuXz1ZEnhA https://leanpub.com/secdevops
  72. Thanks 73