Joint OWASP Cambridge, BCS Cybercrime Forensics SIG UK Cyber Security Forum – Cambridge Cluster
May 18, 2018
Guest speaker presentation on Scaling Security Workflows and how to be hired for a crowd sourcing security team by Goher Mohammad of Photobox Group Security
SCALING SECURITY WORKFLOWS AND GETTING HIRED BY A CROWD SOURCING SECURITY TEAM
GOHER MOHAMMAD
PHOTOBOX GROUP HEAD OF SECURITY AND COMPLIANCE
MY BACKGROUND
• Graduated in 2000
• Got my first IT job in 2001 – Very Corporate
• Got my first IT Leader role in 2004 for Omnicom group
• Went back to corporate rigidity in 2017
• Now at Photobox Group Security as Acting Head of Risk and Compliance
CHALLENGE
• Have worked in a traditional environment
• Now working in an agile environment
• Both have their pros and cons
We have to integrate with current place of work practices
SCALING SECURITY WORKFLOWS
• USE EXISTING IMPLEMENTED SYSTEM
• USE A DATABASE MODEL (Where Possible)
• USE A VISUAL PLATFORM TO BUILD A GRAPH DATABASE (Neo4j, AnzoGraph)
CHALLENGE AT PHOTOBOX
• PCI AUDIT
• BUILD A SCALABLE SOLUTION
• BUILD FOR THE FUTURE, GDPR, ISO 27001 AND MORE
Does anyone like compliance?
Does anyone like to be audited?
2 QUESTIONS
IN SHORT
• Make use of the tools you have
• It should be ‘templatable’, ‘bolt-onable’ and easy
• It should translate across all levels of staff and people
• It should be or be part of a foundation framework
• It should be logical
• It should be simple
HOW TO BE HIRED FOR A CROWD SOURCING SECURITY TEAM?
WHAT IS CROWDSOURCING?
crowd·sourc·ing
ˈkroudˌsôrsiNG/
noun
noun: crowdsourcing; noun: crowd-sourcing
• the practice of obtaining information or input into a task or project by enlisting the services of a large number of people, either paid or unpaid, typically via the Internet.
• "crowdsourcing is less expensive than hiring a professional translator"