Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions

Chief Scientist at Glasswall and CISO at Holland and Barrett
Sep. 23, 2019
  1. Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions Sep 2019, @DinisCruz Lightning talk (15m)
  2. What can OSBot do for me?
  3. Make sense of reality
  4. Be your friend (that automates you)
  5. Graph your CISO’s world
  6. CLI (Command Line Interface) to your data
  7. REPL your world (Read Evaluate Print Loop)
  8. Threat Models (in a scalable way)
  9. DataScience your data
  10. Screenshots of OWASP Pages
  11. Screenshots of Jira issues
  12. Graph projects to outcomes and threats
  13. Incident workflow automation: real-world example
  14. Workflow (diagram): Person uses Credentials to access Application; conditions generate Alert; Alert is acknowledged in Slack by the Person; the action entered in Slack updates the status of the Alert
  15. Slack as UI , Jira as Database
  16. Jira as (graph) database
  17. Ask the user if they were the one logging in https://twitter.com/DinisCruz/status/1153591757290057733
  18. GSBot Commands
  19. graph expand GSP-181 1 delivers,is needed by
      graph expand GSP-181 2 delivers,is needed by
  20. graph expand GSP-181 3 delivers,is needed by
      graph expand GSP-181 3 delivers,is needed by,fixes,achieves
  21. Security Team Data Science Tech Stack
  22. Serverless stack
  23. Scalable data creation workflow
  24. JIRA
  25. Elastic (ELK)
  26. Slack
  27. Jupyter notebooks
  28. Other Key Components
  29. Jira Schema
  30. Create schema that represents the business
  31. Map reality
  32. Workflow everything
  33. Risk workflows
  34. Scale using Workflows RISK Workflow VULN Workflow
  35. Global Dashboards that actually are FACT based
  36. Hyperlinked RISKs (from R1s to R4s to V1s to V3s)
  37. Modern approach to managing security RISKs https://www.soa.org/globalassets/assets/Files/Research/Projects/research-new-approach.pdf
  38. Linked Security Policies = Fact based Security Decisions
  39. Hyperlinked policies in Jira. Policy PDFs do not scale because it is not possible to link real-world data to the respective policy
  40. Convert the policy into a graph
  41. Policies Links to Facts Links to Vulns Links to Risks
  42. Context specific Jira projects (for example FACTs)
  43. Wardley Maps
  44. Meet Simon ….
  45. Using Wardley Maps on Healthcare https://wardle.org/strategy/2018/07/19/mapping.html
  46. Maps help to visualise strategy (and bias)
  47. Metadata use in Maps is very powerful https://medium.com/@erik_schon/the-art-of-strategy-811c00a96fad
  48. Advanced Wardley Mapping
  49. Create Wardley maps using OSBot
  50. OSBot via Jupyter
  51. Where is the code?
  52. How do I learn more?
  53. Jon Hawes BSides Vegas 2019 presentation https://www.slideshare.net/JonHawes3/building-an-enterprise-security-knowledge-graph-to-fuel-better-decisions-faster
  54. Other presentations (in SlideShare):
      https://www.slideshare.net/DinisCruz/creating-a-graph-based-security-organisation-apr-2019-owasp-london-chapter-meeting
      https://www.slideshare.net/DinisCruz/osbot-data-transformation-workflow-from-gsheet-to-jupyter-156132054
      https://www.slideshare.net/DinisCruz/osbot-jira-data-import-from-gsheet-to-jira-via-jupyter-v09
      https://www.slideshare.net/DinisCruz/gsbot-commands-slack-bot-used-to-access-jira-data
  55. Thanks
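The `graph expand GSP-181 <depth> <link types>` commands on slides 19 and 20, and the "Policies link to Facts link to Vulns link to Risks" chain on slide 41, both rely on treating Jira issue links as edges of a graph and walking them a bounded number of hops. The example below is an added illustration of that technique, written for this page; it is not OSBot or GSBot code. The issue keys, link table and the `SAMPLE_LINKS` structure are constructed, and the command grammar is assumed from the slide text.

```python
"""Added example (not OSBot/GSBot code): bounded expansion of a Jira-style
issue-link graph, in the shape of `graph expand <KEY> <depth> <types>`.

All data below is constructed for illustration. Real GSBot reads links from
the Jira API; the keys, link names and command grammar here are assumptions.
"""
from collections import deque

# Constructed link table: (source_key, link_type, target_key).
# Link types mirror the ones named on the slides; "blocks" is a distractor
# that the commands do not ask for, and GSP-120 -> GSP-181 forms a cycle.
SAMPLE_LINKS = [
    ("GSP-181", "delivers",     "GSP-200"),
    ("GSP-181", "is needed by", "GSP-150"),
    ("GSP-200", "delivers",     "GSP-210"),
    ("GSP-210", "fixes",        "VULN-42"),
    ("VULN-42", "achieves",     "RISK-7"),
    ("GSP-150", "is needed by", "GSP-120"),
    ("GSP-120", "is needed by", "GSP-181"),   # cycle back to the root
    ("GSP-200", "blocks",       "GSP-300"),   # link type never requested
]


def build_adjacency(links):
    """Index links by source key so expansion is O(edges followed)."""
    adj = {}
    for src, link_type, dst in links:
        adj.setdefault(src, []).append((link_type, dst))
    return adj


def graph_expand(root, depth, link_types, links=SAMPLE_LINKS):
    """Breadth-first walk from `root`, following only `link_types`, at most
    `depth` hops. Returns (nodes, edges); edges are (src, type, dst) in
    discovery order. The visited set stops cycles from looping, but an edge
    back into an already-seen node is still reported so the graph draws it."""
    wanted = set(link_types)
    adj = build_adjacency(links)
    nodes = {root}
    edges = []
    frontier = deque([(root, 0)])
    while frontier:
        key, hops = frontier.popleft()
        if hops >= depth:
            continue
        for link_type, dst in adj.get(key, []):
            if link_type not in wanted:
                continue
            edges.append((key, link_type, dst))
            if dst not in nodes:
                nodes.add(dst)
                frontier.append((dst, hops + 1))
    return nodes, edges


def parse_command(text):
    """Parse `graph expand <KEY> <depth> <type1,type2,...>` (assumed grammar).
    Link types may contain spaces ("is needed by"), so only the first four
    whitespace splits are structural; the remainder is the type list."""
    parts = text.split(maxsplit=4)
    if len(parts) != 5 or parts[:2] != ["graph", "expand"]:
        raise ValueError(f"unrecognised command: {text!r}")
    _, _, key, depth, types = parts
    return key, int(depth), [t.strip() for t in types.split(",")]


def run(text, links=SAMPLE_LINKS):
    """Execute one command against the link table; returns (nodes, edges)."""
    key, depth, types = parse_command(text)
    return graph_expand(key, depth, types, links)


if __name__ == "__main__":
    for cmd in ("graph expand GSP-181 1 delivers,is needed by",
                "graph expand GSP-181 3 delivers,is needed by,fixes,achieves"):
        nodes, edges = run(cmd)
        print(cmd)
        for src, link_type, dst in edges:
            print(f"  {src} --{link_type}--> {dst}")
```

Two things the depth parameter buys you in practice: it keeps a Slack reply from pulling the whole project into one picture, and it makes the risk chain explicit (with the constructed data, depth 3 reaches the vulnerability but not the risk behind it, depth 4 reaches both).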
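Slides 13 to 17 describe the incident workflow: a login condition generates an alert, the alert is put to the person in Slack ("were you the one logging in?"), and their answer drives the status of the alert in Jira. The example below is an added illustration of that loop as a small state machine, written for this page; it is not OSBot code. Slack and Jira are replaced by in-memory stand-ins so it runs offline, and the login events, home-country rule, alert states and field names are constructed assumptions rather than GSBot's schema. It also adds the check a practitioner wants here: only the person whose credentials were used may answer their own alert.

```python
"""Added example (not OSBot code): alert lifecycle for the Slack-as-UI,
Jira-as-database workflow. Everything here is a constructed stand-in."""
from dataclasses import dataclass, field

# Constructed login events: who used which credential to reach which
# application, and from which country. The second event is the anomaly.
SAMPLE_LOGINS = [
    {"person": "alice", "credential": "alice@corp", "app": "vpn",  "country": "GB"},
    {"person": "alice", "credential": "alice@corp", "app": "vpn",  "country": "RO"},
    {"person": "bob",   "credential": "bob@corp",   "app": "jira", "country": "GB"},
]
HOME_COUNTRY = {"alice": "GB", "bob": "GB"}   # assumed reference data

# Assumed alert states and the transitions the Slack buttons may trigger.
ALLOWED_TRANSITIONS = {("Open", "Confirmed"), ("Open", "Denied")}


@dataclass
class Alert:
    key: str
    person: str          # the person whose credentials were used
    summary: str
    status: str = "Open"
    history: list = field(default_factory=list)   # (from, to, actor)


class FakeJira:
    """In-memory stand-in for the Jira project holding alerts."""
    def __init__(self):
        self.issues = {}
        self._counter = 0

    def create(self, person, summary):
        self._counter += 1
        alert = Alert(f"ALERT-{self._counter}", person, summary)
        self.issues[alert.key] = alert
        return alert

    def transition(self, key, new_status, actor):
        alert = self.issues[key]
        alert.history.append((alert.status, new_status, actor))
        alert.status = new_status
        return alert


def detect(logins, jira):
    """The 'conditions generate Alert' step: raise one alert per login from
    outside the person's home country. Returns the alerts created."""
    alerts = []
    for ev in logins:
        if ev["country"] != HOME_COUNTRY.get(ev["person"]):
            summary = f"{ev['credential']} used to access {ev['app']} from {ev['country']}"
            alerts.append(jira.create(ev["person"], summary))
    return alerts


def slack_message(alert):
    """The question posted to Slack for the person to answer."""
    return f"[{alert.key}] {alert.summary}. Were you the one logging in? (yes/no)"


def slack_ack(jira, key, slack_user, answer):
    """Slack action handler: the answer moves the alert's status in Jira.
    Security check: the acknowledging Slack user must be the person the
    alert was raised for, otherwise an attacker who can see the channel
    could confirm their own login as legitimate."""
    alert = jira.issues[key]
    if slack_user != alert.person:
        raise PermissionError(f"{slack_user} may not answer {key}, raised for {alert.person}")
    new_status = "Confirmed" if answer.lower() == "yes" else "Denied"
    if (alert.status, new_status) not in ALLOWED_TRANSITIONS:
        raise ValueError(f"{key} cannot move from {alert.status} to {new_status}")
    return jira.transition(key, new_status, slack_user)


if __name__ == "__main__":
    jira = FakeJira()
    for alert in detect(SAMPLE_LOGINS, jira):
        print(slack_message(alert))
        slack_ack(jira, alert.key, alert.person, "no")
        print(alert.key, alert.status, alert.history)
```

The `history` list on each alert is what makes the later "FACT based" dashboards possible: every status change records who moved it and from which state, so the dashboard is built from the workflow's own audit trail rather than from someone's recollection.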