Defensive team – who security engineers are and how they help teams develop secure applications
What is a blue team, and how does it prevent business risks to company assets? What are secure development, secure architecture and secure coding? A lecture for the Women in Appsec community and infosec students.
not)
The Evangelist (raising the bar)
The Security Expert (helping with the how)
Security Automation (continuous security)
Incident response, investigations and forensics
https://xebia.com/blog/being-an-agile-security-officer/
@vixentael
1. ... focus on preventing risks instead of focusing on preventing vulnerabilities.
2. Implement security in a cost-efficient, maintainable and verifiable way.
... that need to be compromised for damage to be done. The attack surface is created by the components that open a potential opportunity to inflict damage and materialize business risk, together with their risk level.
Compartmentalization. Access separation. Echelonization.
Defense in depth: security measures escalate with sensitivity/risk.
Independent defences. No single point of security failure.
... much, the security control will be overridden or broken.
Log everything. Or be like ¯\_(ツ)_/¯ when things go bad.
Have a contingency plan. Nobody is perfect. Have an incident reaction plan from day 0.
penalty / additional operations / lost access
Usability vs security:
Performance vs security:
Maintainability vs security:
Reliability vs security:
... a Product
Hiring External Security Team: What You Need To Know
https://www.cossacklabs.com/blog/hiring-external-security-team.html
What Do We Really Need To Encrypt. Cheatsheet
https://www.cossacklabs.com/blog/what-we-need-to-encrypt-cheatsheet.html