Session Name: Security Phoenix, From the ashes of dev-ops From the ashes of dev-ops a new security creature is bor
The talk will take the audience on a journey from the origins of security architecture and the traditional waterfall framework to the evolution of both in a traditional DEV-SEC-OPS.
The talk will take the audience through the difference between traditional command-and-control governance and the solution that avoids starving automation and innovation with traditional security governance.
The talk will introduce concepts like
Trust and Verify your developer
“Build vs FIX” and “own your crappy code”
Down-trending vulnerability threshold
Licence to code
We will explore:
Security Gates and why they do not always work in dev-ops
Security governance: how to avoid starving innovation but do a security review
ESF: Enterprise Security Framework - Difference between products, environments/platforms and applications
Modern SDLC cycle:
How to secure the design phase (design and requirements)
How to secure dev and test
How to convert threat modelling into user stories
Risk management and roles in DEV-SEC-OPS
How to deploy to production, ensuring that the artefacts have been reviewed (break the pipeline vs trust and verify)
Prioritizing vulnerabilities using CVE, Metasploit code availability and impact assessment
Hi, I’m Francesco (aka @Franksec42 on Twitter), your friendly cyber and cloud security avocado (advocate).
I’m a Chief Information Security Officer (CISO) and cybersecurity advisor who specialises in strategy and cloud security. Fuelled with passion, curiosity and dissatisfaction for the status quo, I believe in protecting identities in cyberspace and creating a safer, more connected world for future generations.
I'm currently helping HSBC build their cybersecurity architecture practice and I’m acting as virtual CISO for ELEXON.
My motto is: if you are cybersafe, I'm cyberhappy.
In my spare time, I’d love to give back to the cybersecurity community and I'm a keen contributor. I’m the co-author of several books on network and security and collaborate with a
As part of that, I’m chairing the Cloud Security Alliance UK and am an active member of ISC2.
I’ve launched the #MentoringMonday community together with the support of Jane Frankland and Tanya Janca. The mentorship community is inclusive, with a focus on empowering women in cybersecurity as well as young minds. I am a mentor and coach in the community and I’ve launched the activity in order to help the future generation of cybersecurity experts.
As part of the mentoring, I'm committed to supporting women in cyber with mentorship, education and guidance.
I've delivered effective cybersecurity transformation for my clients in financial services such as Nationwide, Charles Taylor, Capita Asset Management, Link Asset Management.
I've also delivered a cybersecurity improvement programme for different sectors, amongst my clients: United Nations (WFP and FAO), National Lottery (Camelot), Vodafone, BT, Telecom Italia.