Creating a Graph Based Security Organisation - DevSecCon Keynote
As delivered at DevSecCon London 2017

Published in: Technology

Join the conversation #DevSecCon
BY DINIS CRUZ, CISO, PHOTOBOX GROUP
Creating a Graph-based Security Organisation

This is a presentation about Graphs

Why Graphs?

Graphs are a better framework to look at the problem

Refactor the problem until the solution is easy

What is a graph?

Graphs in Security

Threat Models are Graphs

Some of the biggest tech companies are graph companies

Ideas are Graphs

Jira Workflows are Graphs

Source code
…are graphs too

Git is a graph

TensorFlow

Hyperlinks are Graphs (i.e. the web)

Neo4J

Cypher (Neo4j query language)

Graph Books & Thinking in graphs

Vectors

Vectors (by Elon Musk)
https://thinkgrowth.org/what-elon-musk-taught-me-about-growing-a-business-c2c173f5bff3
“Every person in your company is a vector. Your progress is determined by the sum of all vectors.” — Elon Musk

Align Vectors

TeamMentor Graph

TeamMentor example

TeamMentor Graphs

Filter Graph to understand/design it

LevelGraph (based on LevelDB)

Vis.js
http://visjs.org/examples/network/exampleApplications/worldCupPerformance.html
Jira and Confluence

We use Jira as a Graph Database
• Global Key
• Labels
• Extra Attributes
• Workflows
• Assignments
• TimeStamps
• Linked to Epic

Epic captures all risks and tasks

Confluence page captures facts

Hyperlinked risks

We use Confluence to view the data

How we handle incidents/events

Task Response is used to capture result

Security organisation as a graph
• Each Pillar is mapped to a Capability
• Each Capability is mapped to a Programme
• Each Programme is mapped to a Project

Group Security Projects as Jira Issues

Using OpenSourced API to filter JIRA data (please contribute)
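An added example (not the deck's code and not Photobox's open-sourced Jira API) of the Jira-as-graph idea on the slides above: constructed issues carry the attributes the slides list, and a few rules walk Project → Programme → Capability → Pillar and flag where the graph is broken or needs maintenance. The "GS" keys, issue types, people and dates are all hypothetical.

```python
"""Validate a security organisation modelled as a Jira graph.

Added example, not the deck's or Photobox's code. The issues below are
constructed and use the attributes the slides list (global key, labels,
extra attributes, workflow status, assignee, timestamp, link to an epic).
"""
from datetime import datetime, timedelta

# Hierarchy from the deck: Pillar -> Capability -> Programme -> Project.
PARENT_OF = {"Capability": "Pillar", "Programme": "Capability", "Project": "Programme"}


def issue(key, typ, summary, labels, status, assignee, updated, attrs=None, **links):
    """One Jira-style node; the global key is the node id, the links are its edges."""
    return {"key": key, "type": typ, "summary": summary, "labels": labels,
            "status": status, "assignee": assignee, "updated": updated,
            "attrs": attrs or {}, "links": links}


# Constructed sample issues in a hypothetical "GS" (Group Security) Jira project.
ISSUES = [
    issue("GS-10", "Pillar", "Protect customer data", ["pillar"], "Active", "dinis", "2017-10-20T10:00:00"),
    issue("GS-20", "Capability", "Application security", ["capability"], "Active", "appsec-lead", "2017-10-20T10:00:00", maps_to="GS-10"),
    issue("GS-30", "Programme", "Secure SDLC", ["programme"], "Active", "appsec-lead", "2017-10-19T08:00:00", maps_to="GS-20"),
    issue("GS-40", "Project", "SAST in CI", ["project", "ci"], "In Progress", "alice", "2017-10-21T12:00:00", {"budget": 1000}, maps_to="GS-30"),
    issue("GS-41", "Project", "Orphan project", ["project"], "To Do", None, "2017-06-01T12:00:00"),
    issue("GS-42", "Project", "Dangling link", ["project"], "To Do", "bob", "2017-10-21T12:00:00", maps_to="GS-99"),
    issue("GS-50", "Epic", "Q4 risks and tasks", ["epic"], "Active", "dinis", "2017-10-21T12:00:00"),
    issue("GS-51", "Risk", "Unpatched build agents", ["risk"], "Open", "alice", "2017-10-21T12:00:00", {"severity": "high"}, epic="GS-50"),
    issue("GS-52", "Risk", "Risk with no epic", ["risk"], "Open", "bob", "2017-10-21T12:00:00", {"severity": "medium"}),
]


def build_graph(issues):
    """Index issues by global key so links can be resolved to nodes."""
    return {i["key"]: i for i in issues}


def chain_to_pillar(graph, key):
    """Walk maps_to edges from a node up to its Pillar.

    Returns the keys on the path, or None when the chain is broken: a
    missing link, a link to a non-existent issue, or a wrong type on the way.
    """
    node = graph.get(key)
    path = [key]
    while node is not None and node["type"] != "Pillar":
        parent_key = node["links"].get("maps_to")
        parent = graph.get(parent_key)
        if parent is None or parent["type"] != PARENT_OF.get(node["type"]):
            return None
        path.append(parent_key)
        node = parent
    return path if node is not None else None


def filter_by_label(graph, label):
    """Filter the graph down to the nodes carrying one label (filter to understand it)."""
    return sorted(k for k, i in graph.items() if label in i["labels"])


def find_violations(graph, now_iso, stale_days=90):
    """Rules that flag where the graph is broken or needs human maintenance."""
    now = datetime.fromisoformat(now_iso)
    out = []
    for key, i in sorted(graph.items()):
        for rel, target in i["links"].items():
            if target not in graph:
                out.append(f"{key}: {rel} points at missing issue {target}")
        if i["type"] in PARENT_OF and chain_to_pillar(graph, key) is None:
            out.append(f"{key}: {i['type']} does not map up to a Pillar")
        if i["type"] in ("Risk", "Task") and "epic" not in i["links"]:
            out.append(f"{key}: {i['type']} is not linked to an Epic")
        if i["assignee"] is None:
            out.append(f"{key}: no assignee")
        if now - datetime.fromisoformat(i["updated"]) > timedelta(days=stale_days):
            out.append(f"{key}: not updated since {i['updated'][:10]}")
    return out


if __name__ == "__main__":
    g = build_graph(ISSUES)
    print("GS-40 ->", " -> ".join(chain_to_pillar(g, "GS-40")))
    for line in find_violations(g, "2017-10-22T00:00:00"):
        print(line)
```

The same rules can be run on a Confluence-side export or on the output of a Jira filter; the point is that every broken edge becomes an item for the ops team that maintains the graph.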
A Company as a graph
• Everybody is connected to everybody
• Interconnections are fundamental for effectiveness and scalability
• The Group Security (GS) team is one of the nodes in the interconnected entities

JIRA for Ops Teams
• How do you know your team is working?
• When you see initiative being taken
• Without your direct involvement
• When tasks are visible to everyone on the team – such as in JIRA
• Do you use JIRA?
• For those who don’t, how do you keep track of tasks?
• A task is a fresh idea
• If you don’t capture or hyperlink it, you will lose it

Graphs require human maintenance (JIRA for Ops Teams)
• How many team members do you have to monitor and drive Jira task boards?
• A lean operations team is
  • Focussed on maintaining the JIRA graph
  • Ensures the graph functions, and grows
  • Contributes to the achievement of business goals
• Your Ops team should have a budget to spend on resources to ensure they learn, grow in, master, and ultimately redefine their roles
• This requires trust, but if you can’t trust your team, you have problems
• Question: ‘Who is empowered to spend up to £1000 (now)?’

How to Break a Graph
• Hyperlinking makes and maintains connections
• Always OpenSource information
• Expand the network, let others develop your information or ideas in new ways
• Unbroken graphs can expand independently and dynamically
• Avatao Open Source case study
  • Hackathons for developers
  • Open source engine: https://github.com/avatao-content/challenge-toolbox
Graphs and DevOps
• Continuous Integration (CI) produces graphs, however we don’t test CI
• In DevOps, the production pipeline is pushed faster and faster, creating problems further along the way
• We need to think of the CI pipeline as a graph
• Write rules (i.e. tests) to validate our expectations
• We need Static analysis technology !!!!!! (SAST for CI)
• This will allow us to understand how the pipeline behaves and interconnects
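An added example, not code from the talk or from any real pipeline, of what "think of the CI pipeline as a graph and write rules to validate our expectations" can look like: a constructed pipeline with two quiet gaps beside its corrected form, and rules that check the security gates actually sit on the dependency chain to production. Stage names and the required-gate list are assumptions made for the example.

```python
"""Treat the CI pipeline as a graph and test our expectations of it.

Added example, not code from the talk or any real pipeline. Stages are
constructed; each stage lists the stages that must have passed before it
runs, the way GitLab/GitHub Actions "needs" declarations do.
"""

# Constructed pipeline with two silent gaps: build does not wait for sast,
# and deploy-prod does not wait for integration-tests, so both checks run
# but nothing downstream depends on their result.
PIPELINE = {
    "checkout": [],
    "unit-tests": ["checkout"],
    "sast": ["checkout"],
    "build": ["unit-tests"],
    "dependency-scan": ["build"],
    "deploy-staging": ["build", "dependency-scan"],
    "integration-tests": ["deploy-staging"],
    "deploy-prod": ["deploy-staging"],
}

# The same pipeline with the gaps closed.
HARDENED = dict(PIPELINE)
HARDENED["build"] = ["unit-tests", "sast"]
HARDENED["deploy-prod"] = ["deploy-staging", "integration-tests"]

# Expectation (assumed for this example): nothing reaches production unless
# these stages are somewhere on its dependency chain.
REQUIRED_GATES = {"deploy-prod": ["sast", "dependency-scan", "integration-tests"]}


def ancestors(pipeline, stage):
    """Every stage that must complete before `stage` can run (transitive needs)."""
    seen, stack = set(), list(pipeline.get(stage, []))
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(pipeline.get(s, []))
    return seen


def has_cycle(pipeline):
    """Depth-first search for a back edge; a cycle means the pipeline can never start."""
    state = {}

    def visit(stage):
        if state.get(stage) == "visiting":
            return True
        if state.get(stage) == "done":
            return False
        state[stage] = "visiting"
        if any(visit(n) for n in pipeline.get(stage, [])):
            return True
        state[stage] = "done"
        return False

    return any(visit(s) for s in pipeline)


def check_expectations(pipeline, gates=REQUIRED_GATES):
    """Run the rules over the pipeline graph; returns a list of failures (empty = OK)."""
    failures = []
    for stage, needs in pipeline.items():
        for n in needs:
            if n not in pipeline:
                failures.append(f"{stage} needs undefined stage {n}")
    if has_cycle(pipeline):
        failures.append("pipeline graph contains a cycle")
        return failures
    for target, required in gates.items():
        before = ancestors(pipeline, target)
        for gate in required:
            if gate not in before:
                failures.append(f"{target} does not wait for {gate}")
    return failures


if __name__ == "__main__":
    for name, p in (("as-is", PIPELINE), ("hardened", HARDENED)):
        print(name, check_expectations(p) or "all expectations hold")
```

Run as a test in the pipeline itself, the rule set fails the build whenever someone edits the stage wiring so that a security check no longer gates production.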
Recruiting as a graph (for recruiters and candidates)
• You need to find matches (roles to candidates) by mapping their skills, talent, and experience in a graph
• What we want to see from candidates is their:
  • GitHub, Twitter, and blogging activities
  • Contributions at conferences
  • Open Source collaborations
• The good candidates will behave as if they are already working for the company
  • hack it (i.e. find vulns and report them)
  • collaborate with company’s teams
  • Add value (somewhere)
• We want to see if they can “think in graphs”
Turning the problem into the Solution

Each square represents a time period

Chiswick Timeline
https://www.youtube.com/watch?v=RlyPSY0KS2k

We (in this room) are the crazy ones
We are the ones that believe we can change the world

Next Summit
2018, June
Will you be there?

Final Thoughts
• The security industry/community needs to work collaboratively to keep up with all that is required to protect our industry
• As cyber-criminals refine their business model and act more like corporate entities
• This is not going to get easier
• Everyone has a role to play
• Sec industry needs to think of itself as a graph
• We need to leverage connections, data, knowledge, and experience
• OWASP CDC (Collective Defence Cluster) is a good example of this

Join the conversation #DevSecCon
Thanks for listening
@DinisCruz
