Security confessions of a small country

•

0 likes•212 views

Examining the challenges of adopting security frameworks from larger countries and how we can work together to improve automation, reuse and collaboration in security. Includes launch of opensecurity.nz

Presentations & Public Speaking

security confessions of a small country
Laura Bell laura@safestack.io @lady_nerd

Founder
SafeStack
Co-Author
Agile Application Security (O’Reilly Media)
Mother
Daughter
Partner
Grand-daughter
Friend
Employer
Cousin
Niece

In this talk
We are here
NZ in a global context
The best and worst
Our national traits applied to
security
Building a secure NZ
The safest version of our digital
selves

So what impact does this have on security?
most security guidance comes from USA

Smaller population
Lower incomes
Smaller companies
Smaller budgets
Smaller security teams
Economy focused on exports
new zealand is different

Our security approaches are biased
and that bias changes how effective they are

So what makes New Zealand different?
and is that difference a good thing

How does our
culture affect
our security?
Image and amazing pins from Pepper
Raccoon (https://pepperraccoon.com/)

More trusting
Less defensive response
Slower to adapt to changing threat levels
we are vulnerable

Willingness to improvise
Less perfectionism
Prepared to take risk
pros cons
Compromise quality
Underestimate complexity
Leave projects unfinished

Can embracing NZ culture improve our security?
and how can we get started

we can work on our vulnerabilities
Compromise quality
Underestimate complexity
Leave projects unfinished
Supporting standards that enforce and measure quality
Openly talking about complexity
Holding ourselves accountable for completion

More selective about when we trust
More prepared for defensive response
Developing threat models for our economy and people
we can understand our risk
More trusting
Less defensive response
Slower to adapt to changing threat levels

Smaller companies
Smaller budgets
Smaller security teams
we can embrace our size
More collaboration
More reuse
More automation

opensecurity.nz
A place to find open source,
information security projects and
tools, created in New Zealand
Documentation
Tools
Reusables

A non-commercial initiative
To encourage collaboration
To open pathways for new contributors
To share innovation
Aims

Requirements
Has a code of conduct
Has a contribution guide
Has a readme file
Open source license
Is maintained
Created in New Zealand

Got a project you’d like to share?
https://opensecurity.nz
https://safestack.typeform.com/to/i6wj2y
support@opensecurity.nz

Summary
We are here
Context matters in security
The best and worst
Need to be balanced to thrive
Building a secure NZ
Needs us to listen to smaller
voices

Submit a project
https://safestack.typeform.com/to/i6wj2y
Learn about opensecurity
https://opensecurity.nz
Ask a question or volunteer!
support@opensecurity.nz
@lady_nerd
laura@safestack.io
https://safestack.io

The document discusses the challenges of cybersecurity in a world of digital business and relentless change. It notes that data has become currency, but that information overload, skills gaps, and evolving threats pose challenges. It asks how organizations can change the equation to more effectively protect themselves through approaches like controlling network access, quickly finding and containing problems, simplifying network segmentation, and stopping threats at the edge. The document advocates the Cisco security architecture and threat intelligence approach to enable seeing threats once and protecting everywhere across endpoints, cloud, and networks. It provides examples of challenges like WannaCry and the transition to multi-cloud environments.

Security Loves DevOps: DevOpsDays Austin 2012

James Turnbull

High Performance Security Report - High Technology

Accenture Security

The document is a report from Accenture on cybersecurity for high technology companies. It finds that only 44% of respondents have confidence in their cybersecurity capabilities across key domains. Failure rates for security breaches are alarmingly high, with thousands to millions of random breach attempts per week and over 144 focused attacks per year resulting in one in four attacks being successful breaches. Internal breaches are particularly problematic, with 41% of security impacts coming from malicious insiders. The report recommends that companies pressure test security capabilities, make security a shared responsibility, protect key assets from within, increase executive engagement, continually innovate defenses, and ensure security is connected to business needs.

Introduction to scenario based risk analysis part 2

"Apolonio \"Apps\"" Garcia

This document discusses building risk scenarios. It provides examples of using risk scenario analysis for proactive risk assessments, audits, and management inquiries. It outlines steps for scoping a risk scenario, including identifying threats, assets, events, controls and assumptions. Data sources that can inform the analysis are described, such as private organizational data, industry reports, audits, and security tools. The webinar is the second in a three part series on scenario based risk analysis.

Defining A Cyber Moonshot: Getting Safer in Five Years

scoopnewsgroup

The document calls for a "cyber moonshot" - a concerted national effort - to address the growing threats posed by cybersecurity issues. It proposes that such an effort require leadership, specific calls to action, and sustained investment. It suggests that incentives must be put in place to encourage securing data rather than penalties alone, and that data sharing should be viewed as a common good rather than a source of financial gain. The effort would aim to organize and direct national energies and skills towards achieving the hard goal of improving cybersecurity, similar to the spirit of President Kennedy's moonshot initiative. It asks what the single most important thing is that could be done now to ignite this national cyber moonshot effort.

Bill checkpoint

Billy Cox

ciso-platform-annual-summit-2013-defending-against-APT

Priyanka Aash

The document discusses advanced persistent threats and how the Triton system from Websense can defend against them. It notes that the threat landscape has changed, with attacks now using zero-day exploits and aiming for financial gain rather than damage. Traditional signature-based defenses are ineffective against these new threats. The presentation then argues that Triton can better stop these threats through real-time, content-aware and unified threat analytics rather than just signature matching. It concludes by thanking the audience.

What cybersecurity risk management entails

Cyberhunter Cyber Security

This document discusses cybersecurity risk management. It outlines that the primary goals of any cybersecurity endeavor are to thwart attacks and train people and systems to recognize infiltration. Effective cybersecurity risk management requires identifying risks, assessing them, and taking steps to reduce risks to an acceptable level. This involves identifying operational risks from internal and external events, and treating risks through avoidance, transfer, mitigation, or exploitation. The document promotes investing in professional cybersecurity risk assessments.

The document discusses how to establish a culture of safety excellence. It outlines five key questions organizations should ask themselves: 1) How is safety excellence defined? 2) What is common when safety excellence is achieved? 3) What is the safety excellence strategy and can the culture carry it out? 4) What data prioritizes initiatives and validates progress? 5) What does the organization need to stop doing? The document advocates using a balanced scorecard approach with lagging, leading, and transformational indicators to measure progress towards a culture of safety excellence.

Cost of Cyber Crime UK Data

Accenture Security

Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

CrowdStrike

Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection. A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs. Download the webcast slides to learn: --How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security --Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats --How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches

A detailed guide about dev secops

Enov8

DevSecOps refers to a software engineering culture that introduces security early in the development lifecycle to mitigate risks. It emphasizes collaboration between developers and security teams, where they previously worked independently. DevSecOps combines these teams to strengthen security testing without disrupting the development cycle. There is a need for DevSecOps because security and compliance are now major priorities, and developers can inadvertently release software with vulnerabilities. Key principles include integrating security practices into development, continuous learning, collaboration between teams, sharing threat intelligence, and delivering secure software quickly.

The Australian Cyber Security Growth Network Strategy and Goals

Australian Cyber Security Growth Network Ltd

2015 CPA Congress - Disruption - 10 things to pay attention to for your industry

Todd Davies

Lessons Learned from Fire Escapes for Cybersecurity

scoopnewsgroup

This document discusses the similarities between fire safety and cybersecurity. It notes that both require better prevention, detection, and response approaches rather than just bolting on extra protections after the fact. The document advocates adopting a security framework, looking at supply chain security, and taking a comprehensive approach focused on prevention, detection, response, and recovery rather than just attaching on extra protections like fire escapes. It was presented by a Global Compliance Product Lead at Google Cloud with experience in security and as a retired fire chief.

Information Security for startups

Stijn Vande Casteele

A detailed guide about dev secops.docx

Enov8

Embracing the Open Source Model

Cisco DevNet

Intelligent Cybersecurity for the Real World

NetCraftsmen

Cisco is investing heavily in cybersecurity to address the growing threat landscape and security effectiveness gap. The company's threat-centric security model provides visibility, control, intelligence and context across networks, endpoints, mobile devices, virtual systems and the cloud to speed detection and remediation times. Cisco's integrated threat defense architecture aims to simplify security through automation and sharing of global intelligence while improving efficacy.

Design highly available and secure system

Andi Pangeran

The document discusses designing highly available and secure systems. It covers security concepts like threats, vulnerabilities, and controls. Common security threats like OWASP top 10 vulnerabilities are explained. Symmetric and asymmetric encryption techniques are described along with digital certificates and SSL. Web security best practices are provided. For availability, concepts like MTBF, MTTR and downtime calculations are covered. Tactics to improve availability like embracing failures, bulkheading and circuit breakers are presented.

STAREAST 2017- Optimize Performance Testing Using Cloud and DevOps

Troy Marshall

Traditional performance testing practices don't scale when you begin delivering software using cloud computing and DevOps. Troy Marshall shares how Ellucian transformed their performance testing program using the same principles DevOps uses to deliver software. It isn't enough just to automate the execution of performance tests. You must continually optimize every step—from building the performance test tool infrastructure, configuring test scripts and scenarios, collecting metrics, and reporting results. In addition, by using cloud computing to implement performance testing, you create significant business value by reducing the cost, increasing velocity, and bringing more visibility to your application’s performance. Join Troy to learn how to enable your development teams to consume performance testing as just another service in the CI/CD pipeline, freeing them to focus attention on developing their products.

Mastering next gen-siem-usecases-part1

Priyanka Aash

Dekra insight safety excellence symposium

Musallam Khaifi

The two-day symposium will cover principles and practices for building an incident-free culture and achieving safety excellence. Day 1 will discuss elements that drive safety performance, how safety improves performance in other areas, and keys to measuring culture and leadership for success. Day 2 will provide tools to analyze incidents, use safety data to reduce risk, and define behaviors to advance safety. Attendees will learn how to empower workers, inspire excellence through leadership, and create a roadmap to achieve lasting safety improvements.

Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...

Mighty Guides, Inc.

The document discusses strategies for communicating security program effectiveness to upper management using security metrics. It features essays from 22 security experts in Asia-Pacific who provide their perspectives on meaningful security metrics. Some of the key strategies and metrics discussed include compliance metrics but also risk-based metrics like vulnerability rates over time and a security maturity score. Tracking externally reported security incidents over time and the results of penetration testing are also presented as useful metrics to share with leadership. The experts emphasize selecting metrics that show risk reduction and how security enhances business success.

Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf

Stéphane Nappo

Influential Business Leaders in Security services | CIO Look

CIO Look Magazine

How to Migrate Your Organization to a More Security-Minded Culture – From Dev...

Dana Gardner

Ensuring Full Proof Security At Xero

Craig Walker

The document summarizes a presentation given by Craig Walker, CTO of Xero Ltd, about ensuring full-proof security at Xero. It discusses how Xero engaged Aura Software Security as virtual security officers to help deliver secure software as a service (SaaS) over the long term. Aura took an integrated approach to security including threat modelling, attack trees, penetration testing, and ongoing monitoring to identify security risks and weaknesses in Xero's software and hosting environment. The presentation emphasizes that security is an ongoing process requiring a holistic approach and continuous improvement.

How Google Protects your Data

Thomas Igou

Google takes several steps to protect user data including building security into their systems from the ground up, maintaining global infrastructure like undersea cables, employing over 450 security engineers for 24/7 monitoring, and conducting security research. They also focus on agility to prevent incidents and respond quickly through fast development and deployment. For businesses, Google provides tools to comply with privacy laws and ensures user data remains under their control with transparency around Google's legal commitments and compliance.

InfraGard Webinar March 2016 033016 A

Ward Pyles

The document summarizes key takeaways from the RSA Conference 2016. It discusses the rising threat of ransomware and the need to back to basics on security fundamentals like authentication, firewalls, and software updates. It also notes that the target of attacks is expanding to cloud and big data, and that organizations need to treat data as toxic. Other topics covered include new approaches to threat modeling, developing resilience after a breach, extending security teams through outsourcing, and reassessing threat detection capabilities. The document provides an agenda and information on speakers for an upcoming cybersecurity summit event.

What's hot

How to Establish a Culture of Safety Excellence

PECB

Cost of Cyber Crime UK Data

Accenture Security

Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

CrowdStrike

A detailed guide about dev secops

Enov8

The Australian Cyber Security Growth Network Strategy and Goals

Australian Cyber Security Growth Network Ltd

2015 CPA Congress - Disruption - 10 things to pay attention to for your industry

Todd Davies

Lessons Learned from Fire Escapes for Cybersecurity

scoopnewsgroup

Information Security for startups

Stijn Vande Casteele

A detailed guide about dev secops.docx

Enov8

Embracing the Open Source Model

Cisco DevNet

Intelligent Cybersecurity for the Real World

NetCraftsmen

Design highly available and secure system

Andi Pangeran

STAREAST 2017- Optimize Performance Testing Using Cloud and DevOps

Troy Marshall

Mastering next gen-siem-usecases-part1

Priyanka Aash

Dekra insight safety excellence symposium

Musallam Khaifi

What's hot (15)

How to Establish a Culture of Safety Excellence

Cost of Cyber Crime UK Data

Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

A detailed guide about dev secops

The Australian Cyber Security Growth Network Strategy and Goals

2015 CPA Congress - Disruption - 10 things to pay attention to for your industry

Lessons Learned from Fire Escapes for Cybersecurity

Information Security for startups

A detailed guide about dev secops.docx

Embracing the Open Source Model

Intelligent Cybersecurity for the Real World

Design highly available and secure system

STAREAST 2017- Optimize Performance Testing Using Cloud and DevOps

Mastering next gen-siem-usecases-part1

Dekra insight safety excellence symposium

Similar to Security confessions of a small country

Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...

Mighty Guides, Inc.

Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf

Stéphane Nappo

Influential Business Leaders in Security services | CIO Look

CIO Look Magazine

How to Migrate Your Organization to a More Security-Minded Culture – From Dev...

Dana Gardner

Ensuring Full Proof Security At Xero

Craig Walker

How Google Protects your Data

Thomas Igou

InfraGard Webinar March 2016 033016 A

Ward Pyles

Resiliency, Risk Management Add a New Dimension to Discussions about Enterpri...

Dana Gardner

Blue Line Operations

info910855

Industrial and Warehouse Security Regulation breaking offenders target Industrial sites on a regular basis. Industrial sites and warehouses are an appealing target for thieves and vandals. Office Security Services Office safety additionally includes having safety and security at the entrance to the building to escape any type of potential threats. Construction Site Security Services Protecting your building site is essential to stop the loss of valuable tools, machinery and products, as well as maintaining the public and also employees safety. Blue Line Operations Security Services are your local experts in office and building security. We can bring our experience in safety and security, along with the latest industry training and knowledge, to help you meet your needs. Whatever your situation, we can offer a business security assessment, so you have all the information you could want to make a decision. And after our office security assessment, if you need CCTV monitoring, security patrols, or manned guarding services, our team are here to help. Get in touch with Blue Line Operations today to find out how you can make your offices and staff safe and secure. https://bluelineoperations.co.uk/

Carbon Black: Justifying the Value of Endpoint Security

Mighty Guides, Inc.

1. Finding the right balance in any organization depends on assessing risk and then convincing executive management to fund security needs. 2. To justify endpoint security solutions, one expert recommends using actual metrics that show the effectiveness of something already deployed, rather than scare tactics about potential attacks. 3. When facing budget reductions, the expert advises resetting expectations by informing management how service levels may be impacted and the increased risks from reduced resources. Quantitative data showing improved security with existing tools can help make the case for continued funding.

Accuvant Intro

dchadwick

Accuvant is a cybersecurity firm that provides a comprehensive suite of security solutions and services to help organizations address pressing security issues. Their unique approach combines best-in-class technology with expert consulting services. They have a team of over 250 security experts called Accuvant LABS who perform research, develop solutions, and work with clients. Accuvant's services include security assessments, technology installations, managed security services, training, and consulting to help organizations secure their infrastructure and achieve security goals.

Protecting the Core of Your Network

Mighty Guides, Inc.

The disappearance of the network perimeter is the greatest security challenge according to one expert. Traditional network boundaries have been eroded by cloud services, mobile devices, and remote work access. This lack of a defined perimeter makes it difficult to know all assets and users on the network. Another issue is the use of unknown cloud services by employees that expose company data without IT oversight. To address this, companies need accurate asset inventories, security policies for all assets and services, and security awareness training for employees. The goal is minimizing risks so businesses can focus on their main operations.

CyberMaryland Job Fair Job Seeker Handbook December 5, 2019 Baltimore

ClearedJobs.Net

Open Security and Privacy Reference Architecture

Asim Jahan

'Unsustainably Sustainable' by Dr Carl Ungerer and Vanessa Liell at Mumbrella...

Brittany Ferdinands

This document discusses sustainability and the risks it poses to organizations. It begins with defining sustainability as anything that threatens long-term business sustainability, focusing on environmental, social and governance (ESG) factors. The document then notes that overblown sustainability claims can lead to greenwashing accusations. It presents a case study on cybersecurity risks, calling it the number one governance issue and noting that failures to protect data will face regulatory, legal and reputational consequences. The document concludes by advising communicators to partner with experts, separate communication from technical issues, ask hard questions to verify facts, and avoid sustainability pitfalls.

Tenable: Economic, Operational and Strategic Benefits of Security Framework A...

Mighty Guides, Inc.

According to Russ Kirby, CISO of Creditsafe, security frameworks have benefits but also limitations. Frameworks can be industry specific and slow to evolve, not keeping pace with changes in technology and regulations. However, running security programs without a framework is also impractical given today's complex IT environments and compliance needs. Adopting a framework that suits an organization's business model provides visibility that enables anticipating regulatory reporting needs. A framework facilitates understanding risk within a business and identifying the most critical security projects.

Tenable: Economic, Operational and Strategic Benefits of Security Framework A...

Mighty Guides, Inc.

Lester Godsey discusses how a security framework provides a baseline for acceptable security practices in an organization and enables security conversations with other business areas. It gives context for discussing exceptions or additional controls. Most businesses customize frameworks based on their specific needs and regulations. Having a framework in place allows an organization to design security metrics that map to important controls and align with business objectives. Lee Bailey notes that security frameworks help mature a security practice by guiding organizations from identifying needs to defining controls and processes. It enables aligning security and business objectives by making security decisions based on risk and explaining security issues to non-technical staff. For retailers, payment security standards help maintain customer trust and confidence, supporting the core business strategy. Frameworks also simplify

Sem 001 sem-001

SelectedPresentations

The agenda covers governance, risk, and compliance (GRC). GRC involves governance which defines how companies are directed, risk which is the effect of uncertainty on business objectives, and compliance which is adhering to external laws and regulations. The presenter discusses what is driving increased focus on GRC such as regulations, standards, risks, technologies, and transparency demands. Views of GRC include avoiding negative consequences and being fundamental to complex business operations. Getting started with GRC involves acknowledging that information security is about risk management and that security and auditors have similar goals. Developing a GRC strategy involves analyzing processes, discovering dependencies, and creating a roadmap.

CounterTack: 10 Experts on Active Threat Management

Mighty Guides, Inc.

The document provides advice from 10 security experts on how to improve security capabilities and adopt a more proactive approach to threat management. Joseph Smith, interim director of IT at the University of Maryland Eastern Shore, discusses treating endpoints as part of a larger, integrated system rather than as isolated machines. He uses a defense-in-depth strategy including traditional defenses, limited user accounts and application whitelisting. Smith believes a proactive security approach is needed given attackers' unlimited time and resources.

Fidelis Cybersecurity Overview

David Legh-Page AME,SCE

Fidelis Cybersecurity provides network and endpoint security solutions to detect attacks across all ports and protocols. It was founded in 2002 and has over 320 employees. Their solutions include Fidelis Endpoint and Network products as well as incident response and security consulting services. Their customers include many large companies across various industries as well as smaller organizations.

Similar to Security confessions of a small country (20)

Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...

Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf

Influential Business Leaders in Security services | CIO Look

How to Migrate Your Organization to a More Security-Minded Culture – From Dev...

Ensuring Full Proof Security At Xero

How Google Protects your Data

InfraGard Webinar March 2016 033016 A

Resiliency, Risk Management Add a New Dimension to Discussions about Enterpri...

Blue Line Operations

Carbon Black: Justifying the Value of Endpoint Security

Accuvant Intro

Protecting the Core of Your Network

CyberMaryland Job Fair Job Seeker Handbook December 5, 2019 Baltimore

Open Security and Privacy Reference Architecture

'Unsustainably Sustainable' by Dr Carl Ungerer and Vanessa Liell at Mumbrella...

Tenable: Economic, Operational and Strategic Benefits of Security Framework A...

Sem 001 sem-001

CounterTack: 10 Experts on Active Threat Management

Fidelis Cybersecurity Overview

Recently uploaded

Burning Issue Presentation By Kenmaryon.pdf

kkirkland2

Doctoral Symposium at the 17th IEEE International Conference on Software Test...

Sebastiano Panichella

Tom tresser burning issue.pptx My Burning issue

amekonnen

Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024

Dutch Power

Announcement of 18th IEEE International Conference on Software Testing, Verif...

Sebastiano Panichella

Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...

SkillCertProExams

• For a full set of 760+ questions. Go to https://skillcertpro.com/product/databricks-certified-data-engineer-associate-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

Competition and Regulation in Professions and Occupations – OECD – June 2024 ...

OECD Directorate for Financial and Enterprise Affairs

2024-05-30_meetup_devops_aix-marseille.pdf

Frederic Leger

ASONAM2023_presection_slide_track-recommendation.pdf

ToshihiroIto4

María Carolina Martínez - eCommerce Day Colombia 2024

eCommerce Institute

XP 2024 presentation: A New Look to Leadership

samililja

Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024

Dutch Power

Competition and Regulation in Professions and Occupations – ROBSON – June 202...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps. This presentation was uploaded with the author’s consent.

Updated diagnosis. Cause and treatment of hypothyroidism

Faculty of Medicine And Health Sciences

Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf

Access Innovations, Inc.

Gregory Harris - Cycle 2 - Civics Presentation

gharris9

Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...

Suzanne Lagerweij

This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2). This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick). Abstract: Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change? Learning to control and direct conversations takes understanding and practice. We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick). In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work. Come learn more on how to become a real influencer!

International Workshop on Artificial Intelligence in Software Testing

Sebastiano Panichella

Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells

Rosie Wells

Insight: In a landscape where traditional narrative structures are giving way to fragmented and non-linear forms of storytelling, there lies immense potential for creativity and exploration. 'Collapsing Narratives: Exploring Non-Linearity' is a micro report from Rosie Wells. Rosie Wells is an Arts & Cultural Strategist uniquely positioned at the intersection of grassroots and mainstream storytelling. Their work is focused on developing meaningful and lasting connections that can drive social change. Please download this presentation to enjoy the hyperlinks!

Media as a Mind Controlling Strategy In Old and Modern Era

faizulhassanfaiz1670

This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.

Recently uploaded (20)

Burning Issue Presentation By Kenmaryon.pdf

Doctoral Symposium at the 17th IEEE International Conference on Software Test...

Tom tresser burning issue.pptx My Burning issue

Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024

Announcement of 18th IEEE International Conference on Software Testing, Verif...

Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...

Competition and Regulation in Professions and Occupations – OECD – June 2024 ...

2024-05-30_meetup_devops_aix-marseille.pdf

ASONAM2023_presection_slide_track-recommendation.pdf

María Carolina Martínez - eCommerce Day Colombia 2024

XP 2024 presentation: A New Look to Leadership

Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024

Competition and Regulation in Professions and Occupations – ROBSON – June 202...

Updated diagnosis. Cause and treatment of hypothyroidism

Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf

Gregory Harris - Cycle 2 - Civics Presentation

Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...

International Workshop on Artificial Intelligence in Software Testing

Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells

Media as a Mind Controlling Strategy In Old and Modern Era

Security confessions of a small country

1. security confessions of a small country Laura Bell laura@safestack.io @lady_nerd

2. Founder SafeStack Co-Author Agile Application Security (O’Reilly Media) Mother Daughter Partner Grand-daughter Friend Employer Cousin Niece

3. In this talk We are here NZ in a global context The best and worst Our national traits applied to security Building a secure NZ The safest version of our digital selves

4. You are here. wherever you are from

7. So what impact does this have on security? most security guidance comes from USA

10. Smaller population Lower incomes Smaller companies Smaller budgets Smaller security teams Economy focused on exports new zealand is different

11.

12. Our security approaches are biased and that bias changes how effective they are

13.

14.

15.

16.

17.

18.

19. So what makes New Zealand different? and is that difference a good thing

20.

21. How does our culture affect our security? Image and amazing pins from Pepper Raccoon (https://pepperraccoon.com/)

22. More trusting Less defensive response Slower to adapt to changing threat levels we are vulnerable

23. Willingness to improvise Less perfectionism Prepared to take risk pros cons Compromise quality Underestimate complexity Leave projects unfinished

24. Can embracing NZ culture improve our security? and how can we get started

25. we can work on our vulnerabilities Compromise quality Underestimate complexity Leave projects unfinished Supporting standards that enforce and measure quality Openly talking about complexity Holding ourselves accountable for completion

26. More selective about when we trust More prepared for defensive response Developing threat models for our economy and people we can understand our risk More trusting Less defensive response Slower to adapt to changing threat levels

27. Smaller companies Smaller budgets Smaller security teams we can embrace our size More collaboration More reuse More automation

28. opensecurity.nz A place to find open source, information security projects and tools, created in New Zealand Documentation Tools Reusables

29. A non-commercial initiative To encourage collaboration To open pathways for new contributors To share innovation Aims

30. Requirements Has a code of conduct Has a contribution guide Has a readme file Open source license Is maintained Created in New Zealand

31. Got a project you’d like to share? https://opensecurity.nz https://safestack.typeform.com/to/i6wj2y support@opensecurity.nz

32. Summary We are here Context matters in security The best and worst Need to be balanced to thrive Building a secure NZ Needs us to listen to smaller voices

33. Submit a project https://safestack.typeform.com/to/i6wj2y Learn about opensecurity https://opensecurity.nz Ask a question or volunteer! support@opensecurity.nz @lady_nerd laura@safestack.io https://safestack.io

Security confessions of a small country

Recommended

Recommended

More Related Content

What's hot

What's hot (15)

Similar to Security confessions of a small country

Similar to Security confessions of a small country (20)

Recently uploaded

Recently uploaded (20)

Security confessions of a small country