Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster

Goher Mohammad
May. 18, 2018
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
1 of 30

Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster

May. 18, 2018
Download to read offline
Technology

Guest speaker presentation on Scaling Security Workflows and how to be hired for a crowd sourcing security team by Goher Mohammad of Photobox Group Security

Goher Mohammad

Recommended

Owasp summit debrief v1.0 (jun 2017)Owasp summit debrief v1.0 (jun 2017)
Owasp summit debrief v1.0 (jun 2017)owaspsummit1.5K views83 slides
DOES SFO 2016 - Paula Thrasher & Kevin Stanley - Building Brilliant Teams DOES SFO 2016 - Paula Thrasher & Kevin Stanley - Building Brilliant Teams
DOES SFO 2016 - Paula Thrasher & Kevin Stanley - Building Brilliant Teams Gene Kim537 views15 slides
DevOps, Continuous Delivery and Deployment at Hyper ScaleDevOps, Continuous Delivery and Deployment at Hyper Scale
DevOps, Continuous Delivery and Deployment at Hyper ScaleMartinHogg9381 views22 slides
The D Files: Debunking Myths About Distributed TeamsThe D Files: Debunking Myths About Distributed Teams
The D Files: Debunking Myths About Distributed TeamsAgileDenver1.5K views31 slides
The agile elephant in the roomThe agile elephant in the room
The agile elephant in the roomAgileDenver781 views33 slides
Owasp summit 2017 Owasp summit 2017
Owasp summit 2017 Dinis Cruz2.4K views37 slides

More Related Content

Slideshows for you

The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ...The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ...
The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ...Cprime135 views43 slides
OWASP Developer Guide RebootOWASP Developer Guide Reboot
OWASP Developer Guide RebootAndrew van der Stock1.3K views31 slides
DevOps Picc12 Management TalkDevOps Picc12 Management Talk
DevOps Picc12 Management TalkMichael Rembetsy25.8K views107 slides
Like Herding Cats: How to Get Engineers to Update Their StatusLike Herding Cats: How to Get Engineers to Update Their Status
Like Herding Cats: How to Get Engineers to Update Their StatusAtlassian5.3K views43 slides
Testing in Agile with Coaching Agile Journeys and XBOSoftTesting in Agile with Coaching Agile Journeys and XBOSoft
Testing in Agile with Coaching Agile Journeys and XBOSoftXBOSoft521 views55 slides
The 7 Habits of Effective Data Driven CompaniesThe 7 Habits of Effective Data Driven Companies
The 7 Habits of Effective Data Driven CompaniesGoDataDriven347 views29 slides

Slideshows for you(14)

The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ...The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ...
The Modern Collaboration Hub: Using Slack and Atlassian to Integrate People, ...
Cprime135 views
OWASP Developer Guide RebootOWASP Developer Guide Reboot
OWASP Developer Guide Reboot
Andrew van der Stock1.3K views
DevOps Picc12 Management TalkDevOps Picc12 Management Talk
DevOps Picc12 Management Talk
Michael Rembetsy25.8K views
Like Herding Cats: How to Get Engineers to Update Their StatusLike Herding Cats: How to Get Engineers to Update Their Status
Like Herding Cats: How to Get Engineers to Update Their Status
Atlassian5.3K views
Testing in Agile with Coaching Agile Journeys and XBOSoftTesting in Agile with Coaching Agile Journeys and XBOSoft
Testing in Agile with Coaching Agile Journeys and XBOSoft
XBOSoft521 views
The 7 Habits of Effective Data Driven CompaniesThe 7 Habits of Effective Data Driven Companies
The 7 Habits of Effective Data Driven Companies
GoDataDriven347 views
AvePoint Webinar - Microsoft Office 365 or Windows Azure: Have it Your WayAvePoint Webinar - Microsoft Office 365 or Windows Azure: Have it Your Way
AvePoint Webinar - Microsoft Office 365 or Windows Azure: Have it Your Way
AvePoint766 views
Cultivating Content: Designing Wiki Solutions That ScaleCultivating Content: Designing Wiki Solutions That Scale
Cultivating Content: Designing Wiki Solutions That Scale
colleenfry3.4K views
Being a Lean Enterprise : Technology Is Not Enough Being a Lean Enterprise : Technology Is Not Enough
Being a Lean Enterprise : Technology Is Not Enough
Barry O'Reilly8.3K views
Continuous Delivery: Rapid and Reliable Releases with DevOps PracticesContinuous Delivery: Rapid and Reliable Releases with DevOps Practices
Continuous Delivery: Rapid and Reliable Releases with DevOps Practices
TechWell758 views
Status Quo is Death: nib health funds’ Innovative Journey to the Cloud: AWS S...Status Quo is Death: nib health funds’ Innovative Journey to the Cloud: AWS S...
Status Quo is Death: nib health funds’ Innovative Journey to the Cloud: AWS S...
Amazon Web Services758 views
Moogilu StartupKitMoogilu StartupKit
Moogilu StartupKit
Jagadish Channagiri590 views
Change Software Like a ScientistChange Software Like a Scientist
Change Software Like a Scientist
Atlassian8.9K views
SharePoint Saturday Warsaw 2018 - Modern Collaboration in Teams & Projects wi...SharePoint Saturday Warsaw 2018 - Modern Collaboration in Teams & Projects wi...
SharePoint Saturday Warsaw 2018 - Modern Collaboration in Teams & Projects wi...
Jasper Oosterveld851 views

Similar to Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster

Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk914 views17 slides
SDLC & DevSecOpsSDLC & DevSecOps
SDLC & DevSecOpsIrina Kostina80 views72 slides
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeBen Rothke531 views37 slides
Get High-Octane Virtual Datacenter PerformanceGet High-Octane Virtual Datacenter Performance
Get High-Octane Virtual Datacenter PerformanceSolarWinds517 views15 slides
Embracing New NormalEmbracing New Normal
Embracing New NormalSSFIndia154 views8 slides
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Dell World583 views15 slides

Similar to Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster (20)

Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
Splunk914 views
SDLC & DevSecOpsSDLC & DevSecOps
SDLC & DevSecOps
Irina Kostina80 views
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
Ben Rothke531 views
Get High-Octane Virtual Datacenter PerformanceGet High-Octane Virtual Datacenter Performance
Get High-Octane Virtual Datacenter Performance
SolarWinds517 views
Embracing New NormalEmbracing New Normal
Embracing New Normal
SSFIndia154 views
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
Dell World583 views
Big Data LDN 2018: MICROLISE: USING BIG DATA AND AI IN TRANSPORT AND LOGISTICSBig Data LDN 2018: MICROLISE: USING BIG DATA AND AI IN TRANSPORT AND LOGISTICS
Big Data LDN 2018: MICROLISE: USING BIG DATA AND AI IN TRANSPORT AND LOGISTICS
Matt Stubbs489 views
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
Shannon Lietz873 views
Staying Secure When Moving to the Cloud - Dave MillierStaying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave Millier
TriNimbus412 views
Neo4j + Process Tempo present Plan Your Cloud Migration with ConfidenceNeo4j + Process Tempo present Plan Your Cloud Migration with Confidence
Neo4j + Process Tempo present Plan Your Cloud Migration with Confidence
Neo4j21 views
System Security on CloudSystem Security on Cloud
System Security on Cloud
Tu Pham935 views
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
bugcrowd928 views
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon502 views
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
Shannon Lietz373 views
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
Shannon Lietz3.1K views
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
Turja Narayan Chaudhuri9 views
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
Amazon Web Services9.6K views
Owasp summit slides day 2Owasp summit slides day 2
Owasp summit slides day 2
Dinis Cruz424 views
How to Achieve and Maintain High Quality SaaS Software in the CloudHow to Achieve and Maintain High Quality SaaS Software in the Cloud
How to Achieve and Maintain High Quality SaaS Software in the Cloud
XBOSoft1K views
[AIIM17] It’s Harvest Time in the Information Garden - Dan Antion[AIIM17] It’s Harvest Time in the Information Garden - Dan Antion
[AIIM17] It’s Harvest Time in the Information Garden - Dan Antion
AIIM International129 views

Recently uploaded

CloudStack Managed User-data & DemoCloudStack Managed User-data & Demo
CloudStack Managed User-data & DemoShapeBlue107 views9 slides
NoSQL Database Migration Masterclass - Session 3: Migration LogisticsNoSQL Database Migration Masterclass - Session 3: Migration Logistics
NoSQL Database Migration Masterclass - Session 3: Migration LogisticsScyllaDB27 views32 slides
Stanford AI Report 2023Stanford AI Report 2023
Stanford AI Report 2023Kapil Khandelwal (KK)19 views386 slides
An Introduction To Using ChatGPT For BusinessAn Introduction To Using ChatGPT For Business
An Introduction To Using ChatGPT For BusinessPaul Nguyen56 views25 slides
zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)
zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)Alex Pruden17 views39 slides
Carrom Pool Mod APK.docxCarrom Pool Mod APK.docx
Carrom Pool Mod APK.docxRayJ1215 views6 slides

Recently uploaded(20)

CloudStack Managed User-data & DemoCloudStack Managed User-data & Demo
CloudStack Managed User-data & Demo
ShapeBlue107 views
NoSQL Database Migration Masterclass - Session 3: Migration LogisticsNoSQL Database Migration Masterclass - Session 3: Migration Logistics
NoSQL Database Migration Masterclass - Session 3: Migration Logistics
ScyllaDB27 views
Stanford AI Report 2023Stanford AI Report 2023
Stanford AI Report 2023
Kapil Khandelwal (KK)19 views
An Introduction To Using ChatGPT For BusinessAn Introduction To Using ChatGPT For Business
An Introduction To Using ChatGPT For Business
Paul Nguyen56 views
zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)
zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)
Alex Pruden17 views
Carrom Pool Mod APK.docxCarrom Pool Mod APK.docx
Carrom Pool Mod APK.docx
RayJ1215 views
Daily Scrum, Sprint Review & Retrospective.pptxDaily Scrum, Sprint Review & Retrospective.pptx
Daily Scrum, Sprint Review & Retrospective.pptx
Md. Rakib Trofder90 views
GDSC SRMCEM Info Session 2023GDSC SRMCEM Info Session 2023
GDSC SRMCEM Info Session 2023
HariOM Dwivedi56 views
#11 DataWeave Extension Library using Visual Studio Code#11 DataWeave Extension Library using Visual Studio Code
#11 DataWeave Extension Library using Visual Studio Code
AnoopRamachandran1379 views
Welcome and State of Apache CloudStack CommunityWelcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack Community
ShapeBlue149 views
OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...
OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...
takuyayamamoto180014 views
OpenFOAM benchmark for EPYC server: cavity mediumOpenFOAM benchmark for EPYC server: cavity medium
OpenFOAM benchmark for EPYC server: cavity medium
takuyayamamoto180031 views
GDSC23 - Info Session GDSC KIET (1).pptxGDSC23 - Info Session GDSC KIET (1).pptx
GDSC23 - Info Session GDSC KIET (1).pptx
SnehaAggarwal40119 views
AWS Toolkit.pptxAWS Toolkit.pptx
AWS Toolkit.pptx
Brandon Minnick, MBA54 views
DigitalWisers Onepager.pdfDigitalWisers Onepager.pdf
DigitalWisers Onepager.pdf
Mustafa Kuğu165 views
Doorsvision-The-Future-of-Smart-Communities gama adj.pdfDoorsvision-The-Future-of-Smart-Communities gama adj.pdf
Doorsvision-The-Future-of-Smart-Communities gama adj.pdf
Mustafa Kuğu84 views
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19
ShapeBlue122 views
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
William Caban45 views
Graph Neural Networks.pptxGraph Neural Networks.pptx
Graph Neural Networks.pptx
Kumar Iyer19 views
INASLA_AI and Landscape Architecture.pptxINASLA_AI and Landscape Architecture.pptx
INASLA_AI and Landscape Architecture.pptx
Jonathon Geels66 views

Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster

  1. SCALING SECURITY WORKFLOWS AND GETTING HIRED BY A CROWD SOURCING SECURITY TEAM GOHER MOHAMMAD PHOTOBOX GROUP HEAD OF SECURITY AND COMPLIANCE
  2. MY BACKGROUND • Graduated in 2000 • Got my first IT job in 2001 – Very Corporate • Got my first IT Leader role in 2004 for Omnicom group • Went back to corporate rigidity 2017 • Now at Photobox Group Security as Acting Head of Risk and Compliance
  3. CHALLENGE • Have worked in a traditional environment • Now working in an agile environment • Both have the pros and cons
  4. CHALLENGE Traditional environments are very comprehensive and organized
  5. CHALLENGE But so slow to get anything done and very unscalable at speed
  6. CHALLENGE Agile environments work at super speed!
  7. CHALLENGE But trying to keep track of everything
  8. HOW DO WE SCALE SECURITY WORKFLOWS AT SPEED?
  9. We have to integrate with current place of work practices
  10. SCALING SECURITY WORKFLOWS • USE EXISTING IMPLEMENTED SYSTEM • USE A DATABASE MODEL (Where Possible) • USE A VISUAL PLATFORM TO BUILD A GRAPH DATABASE (Neo4J, AnzoGraph)
  11. CHALLENGE AT PHOTOBOX • PCI AUDIT • BUILD A SCALABLE SOLUTION • BUILD FOR THE FUTURE, GDPR, ISO 27001 AND MORE
  12. Does anyone like compliance? Does anyone like to be audited? 2 QUESTIONS
  13. Review Previous Audit Documentation and Policies Evidence Capture Review and Update Assess and Remediate TAS Assessment Check and Remediate Audit Central Server Storage and Jira Mapping PCI AUDIT
  14. DATA MAPPING OF POLICY INTO EXCEL
  15. DATA MAPPING INTO JIRA
  16. WORKFLOW
  17. SCALING FURTHER
  18. VISUALISE IN GRAPH DATABASE SUCH AS NEO4J
  19. SCALING SECURITY WORKFLOWS
  20. IN SHORT • Make use of the tools you have • It should be ‘templatable’, ‘bolt-onable’ and easy • It should translate across all levels of staff and people • It should be or be part of a foundation framework • It should be logical • It should be simple
  21. HOW TO BE HIRED FOR A CROWD SOURCING SECURITY TEAM?
  22. WHAT IS CROWDSOURCING? crowd·sourc·ing ˈkroudˌsôrsiNG/ noun noun: crowdsourcing; noun: crowd-sourcing • the practice of obtaining information or input into a task or project by enlisting the services of a large number of people, either paid or unpaid, typically via the Internet. • "crowdsourcing is less expensive than hiring a professional translator"
  23. GETTING HIRED HAS CHANGED!
  24. THIS IS YOUR CV!
  25. GET YOURSELF KNOWN • Attend Security Workshops • Join Forums online • Ask questions from people already in the industry • Showcase who you are
  26. DISCUSSING WORKSHOPS…
  27. THANK YOU
  28. QUESTIONS?