15 MINUTES
TECHNOLOGY CATCH-UP
Amr Salah
Middleware & Cloud Expert
AMR SALAH
MIDDLEWARE & CLOUD EXPERT
• Computer Science, Mansoura University 2009 (CS)
• 8+ years of experience in Middleware technologies
• Middleware & Cloud Expert
• Worked for (EG: Sumerge, Asset, Giza Systems, Egabi, SG: Pactera, NZ: Deloitte)
• My Clients: Govt (SFD – Saudi, TEData – EG, CIB – EG, MOH – SG, etc.)
• Certificates
• Oracle SOA/ADF/BPM
• AWS Solution Architect
• Professional Scrum Master
• Mulesoft Developer
• Additional experience in security, full-stack development & CI/CD
People burn not because they do the same thing
every day, but because they forget WHY they do
the same thing every day!
SOFTWARE ENGINEERING PROCESS
Post Questions
http://sli.do - #T182
#Agile – Ask your question!
WE ALL ARE
SOFTWARE
ENGINEERS
SOFTWARE ENGINEERING PROCESS
Software Engineering
is the application of engineering to
the development of software in a
systematic method!
Integration & Microservices
Agile Method
Frameworks, Scrum & Roles
Cloud
Platforms, Services & Vendors
Security
Types, Policies & importance
CryptoCurrency
Blockchain, Trading
Security
Hardware, Software, Data
SECURITY
• Known as cyber security or IT security, this is the protection of computer systems from
the theft of and damage to their hardware, software or information, as well as
from disruption or misdirection of the services they provide.
It’s all about DATA
DAMAGE BREACH Corruption
SECURITY
Hardware Security
Software Security
Data Security
DATA SECURITY - DATA
• Data is distinct pieces of information, usually formatted in a special way. All
software is divided into two general categories: data and programs. Programs are
collections of instructions for manipulating data.
• Data can exist in a variety of forms
WHY DATA IS IMPORTANT
DATA SECURITY
• protecting digital data, such as those in a database, from destructive forces and
from the unwanted actions of unauthorized users, such as a cyberattack or a data
breach.
DATA PROTECTION
• Disk encryption
• Software-based security solutions encrypt the data to protect it from theft.
However, a malicious program or a hacker could corrupt the data in order to make
it unrecoverable, making the system unusable.
• Hardware-based security solutions can prevent read and write access to data and
hence offer very strong protection against tampering and unauthorized access.
(e.g. MFA)
• Backups
• Data masking
• Data erasure
• Data Encryption (Server/Client Side)
DATA PROTECTION
DISK ENCRYPTION
• Disk encryption is a technology that protects information by converting it into
unreadable code that cannot be deciphered easily by unauthorized people. Disk
encryption uses disk encryption software or hardware to encrypt every bit of data that
goes on a disk or disk volume. It is used to prevent unauthorized access to data
storage.
DATA PROTECTION
BACKUPS
• Backup: the process of backing up, refers to the copying and archiving of
computer data so it may be used to restore the original after a data loss event. The verb
form is to back up in two words, whereas the noun is backup.
DATA PROTECTION
DATA MASKING
• Data masking is the process of hiding original data with random characters or data.
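Added example (not part of the original slides): a minimal Python sketch of data masking that replaces each letter or digit with a random character of the same kind, so the masked value keeps its length and layout but carries none of the original data. The record fields, the `MASK_RULES` table and the choice to leave the last four card digits readable are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample record; field names and values are illustrative only.
SAMPLE = {
    "order_id": "A-1001",
    "name": "Jane Doe",
    "card": "4111-1111-1111-1111",
    "email": "jane.doe@example.com",
}

# Hypothetical policy: field -> number of trailing characters left readable.
MASK_RULES = {"name": 0, "card": 4, "email": 0}


def mask_value(value: str, keep_last: int = 0) -> str:
    """Replace letters and digits with random ones of the same class.

    Separators (spaces, dashes, '@', '.') are preserved so the masked value
    still fits the same column widths and input validators.
    """
    data_idx = [i for i, ch in enumerate(value) if ch.isalnum()]
    start = max(0, len(data_idx) - keep_last)
    clear = set(data_idx[start:]) if keep_last > 0 else set()
    out = []
    for i, ch in enumerate(value):
        if i in clear or not ch.isalnum():
            out.append(ch)  # readable tail or separator
        elif ch.isdigit():
            out.append(secrets.choice(string.digits))
        elif ch.isupper():
            out.append(secrets.choice(string.ascii_uppercase))
        else:
            out.append(secrets.choice(string.ascii_lowercase))
    return "".join(out)


def mask_record(record: dict, rules: dict = MASK_RULES) -> dict:
    """Mask only the fields named in `rules`; copy everything else as is."""
    return {k: mask_value(v, rules[k]) if k in rules else v
            for k, v in record.items()}


if __name__ == "__main__":
    print(mask_record(SAMPLE))
```

Because the replacement characters are random rather than derived from the input, the masked copy cannot be reversed; the original must stay in the protected source system.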
DATA PROTECTION
DATA ERASURE
• Data erasure (data clearing or data wiping) is a software-based method of overwriting
data that aims to completely destroy all electronic data residing on a hard disk drive or
other digital media by using zeros and ones to overwrite data onto all sectors of the device.
DATA PROTECTION
DATA ENCRYPTION
• Server Side Encryption
• HTTP/HTTPS – ex.sni.
• End-to-End
Client Side Encryption
Encrypt-Decrypt
Symmetric Private key
HSM
KMS
SYMMETRIC PRIVATE KEY
Key: *.pem
HSM/KMS
OPTIONAL
Key: *.pem
DATA SECURITY
QUESTIONS?
http://sli.do - #T182
SOFTWARE SECURITY
Computer security software or cybersecurity software is any computer program designed to enhance
information security. The defense of computers against intrusion and unauthorized use of resources is called
computer security. Similarly, the defense of computer networks is called network security.
A MALICIOUS ATTACK
• A malicious attack is an attempt to forcefully abuse or take advantage of
someone's computer, whether through computer viruses, social engineering,
phishing, or other types of social engineering.
Email - Web Content – Legitimate/reward Sites - File Downloads
• Malware (Adware, Spyware, Trojan Horse, Crimeware, Viruses, Worms)
• Social Engineering (Phishing, Baiting, Spam)
EMAIL PHISHING
is the attempt to obtain sensitive information such as usernames, passwords,
and credit card details (and money), often for malicious reasons, by disguising oneself as a
trustworthy entity in an electronic communication.
VULNERABILITIES
By NIST
SOFTWARE SECURITY
QUESTIONS?
http://sli.do - #T182
HARDWARE SECURITY
Thieves HW Damage
1. Hardware Protection: Cloud IaaS has to be protected from DAMAGE. Security solutions can prevent
read and write access to data and hence offer very strong protection against tampering and
unauthorized access (e.g. MFA).
Data Corruption/Loss
HARDWARE SECURITY
2. Hardware Security Module (HSM): is a physical computing device that safeguards and
manages digital keys for strong authentication and provides cryptoprocessing.
These modules traditionally come in the form of a plug-in card or an external device that attaches
directly to a computer or network server.
• intrusion-resistant, tamper-evident, FIPS Validated
• Self destruction
• AWS CloudHSM
• Microsoft KeyVault
• Google Cloud Key Management
SECURITY POLICIES
COMPLIANCES
Security Policy: a definition of what it means to be secure for a system, organization or other entity.
For an organization, it addresses the constraints on the behaviour of its members as well as constraints imposed
on adversaries by mechanisms such as doors, locks, keys and walls.
Health Insurance Portability and Accountability Act
Payment Card Industry Data Security Standard
SECURITY POLICIES
COMPLIANCES
PCI DSS (Payment Card Industry Data Security Standard)
• Firewall at each Internet connection
• Components protected from security vulnerabilities
• Review logs & security events
• Protect cardholder data
• Retain audit history for at least 1 year
• Security Group, NACL
• etc.
SECURITY- WHAT ELSE?
SECURITY
Security Engineer
• Network Security Engineer
• Information Assurance Engineer
• Information Security Engineer
• Information Systems Security Engineer
Digital Forensics
SECURITY
QUESTIONS?
http://sli.do - #T182
KEEP IN TOUCH
Join slack.com & subscribe to our channel (#fciteam)
https://dirtyhandsws.slack.com/
Send your email to Amr.salah.2010@gmail.com
to add you to the list with the following pattern:
Subject: #fciteam-Please Add Me

Introduction to Security (Hardware, Software, Data & Policies)


Editor's Notes

  • #13 What is important is data storage and data sensitivity
  • #14 What is important is data storage and data sensitivity
  • #27 security solutions encrypt the data to protect it from theft. However, a malicious program or a hacker could corrupt the data in order to make it unrecoverable, making the system unusable.