michael brunton spall lead security architect government
play

Michael Brunton-Spall Lead Security Architect Government Digital - PowerPoint PPT Presentation

May 13, 2023 •141 likes •1.02k views

Michael Brunton-Spall Lead Security Architect Government Digital Service @bruntonspall Being secure and agile GOTO Amsterdam 2016 Michael Brunton-Spall GDS Michael Brunton-Spall @bruntonspall He/His/Him Michael Brunton-Spall GDS Lead

  1. Michael Brunton-Spall Lead Security Architect Government Digital Service @bruntonspall

  2. Being secure and agile GOTO Amsterdam 2016 Michael Brunton-Spall GDS

  3. Michael Brunton-Spall @bruntonspall He/His/Him Michael Brunton-Spall GDS

  4. Lead Security Architect Cabinet Office UK Government Michael Brunton-Spall GDS

  5. I'm from the Government, and I'm here to help Michael Brunton-Spall GDS

  6. I'm from security, and I'm here to help Michael Brunton-Spall GDS

  7. The state of security Michael Brunton-Spall GDS

  8. Certification 
 Accreditation PCI 
 ISO27001 Michael Brunton-Spall GDS

  9. Michael Brunton-Spall GDS

  10. Change control boards Michael Brunton-Spall GDS

  11. Michael Brunton-Spall GDS

  12. Agile changes everything Michael Brunton-Spall GDS

  13. What is agile? Michael Brunton-Spall GDS

  14. Michael Brunton-Spall GDS

  15. While the things on the right have value Michael Brunton-Spall GDS

  16. The things on the left have more value Michael Brunton-Spall GDS

  17. Individuals and interactions over processes and tools Michael Brunton-Spall GDS

  18. Working software over comprehensive documentation Michael Brunton-Spall GDS

  19. Responding to change over following a plan Michael Brunton-Spall GDS

  20. Customer collaboration over contract negotiation Michael Brunton-Spall GDS

  21. Contracts, Planning, Documentation, Processes and Tools Michael Brunton-Spall GDS

  22. Collaboration, Change, Deliverables, People Michael Brunton-Spall GDS

  23. Building software together Michael Brunton-Spall GDS

  24. Support and trust Michael Brunton-Spall GDS

  25. Simplicity Michael Brunton-Spall GDS

  26. Maximising work not done Michael Brunton-Spall GDS

  27. "Minimising the lead time for delivering business value" @tastapod Michael Brunton-Spall GDS

  28. What does this mean today? Michael Brunton-Spall GDS

  29. Minimum viable product or service Michael Brunton-Spall GDS

  30. Iterate Michael Brunton-Spall GDS

  31. Release early, release often Michael Brunton-Spall GDS

  32. Michael Brunton-Spall GDS

  33. Principles Michael Brunton-Spall GDS

  34. Protect personal data https://www.cesg.gov.uk/guidance/protecting-bulk-personal-data Michael Brunton-Spall GDS

  35. Security design principles https://www.cesg.gov.uk/guidance/security-design-principles-digital-services-0 Michael Brunton-Spall GDS

  36. 8 Principles of risk management https://www.gov.uk/government/publications/principles-of-effective-cyber-security-risk-management Michael Brunton-Spall GDS

  37. Accept uncertainty 
 Security as part of the team 
 Understand the risks Michael Brunton-Spall GDS

  38. Trust decision making 
 Security is part of everything User experience is important Michael Brunton-Spall GDS

  39. Audit decisions 
 Understand big picture impact Michael Brunton-Spall GDS

  40. How does agile help? Michael Brunton-Spall GDS

  41. Continual delivery of business value Michael Brunton-Spall GDS

  42. Continual acceptance of risk Michael Brunton-Spall GDS

  43. Secure Agile Development Michael Brunton-Spall GDS

  44. Security must be an enabler of the team Michael Brunton-Spall GDS

  45. Safety engineering and security engineering Michael Brunton-Spall GDS

  46. The unit of delivery is the team Michael Brunton-Spall GDS

  47. The unit of decision making is the team Michael Brunton-Spall GDS

  48. Risk Michael Brunton-Spall GDS

  49. Educate the team to the threats Michael Brunton-Spall GDS

  50. Keep a running risk log Michael Brunton-Spall GDS

  51. Apply risk decisions per story Michael Brunton-Spall GDS

  52. Apply controls per story Michael Brunton-Spall GDS

  53. Security debt Michael Brunton-Spall GDS

  54. Simple systems are more secure Michael Brunton-Spall GDS

  55. Choosing the secure method must be the easiest option Michael Brunton-Spall GDS

  56. Security as an enabler Michael Brunton-Spall GDS

  57. Secure Agile Operations Michael Brunton-Spall GDS

  58. Infrastructure as code Michael Brunton-Spall GDS

  59. Michael Brunton-Spall GDS

  60. Infrastructure as testable code Michael Brunton-Spall GDS

  61. Michael Brunton-Spall GDS

  62. Michael Brunton-Spall GDS

  63. Dealing with patches Michael Brunton-Spall GDS

  64. What machines are affected? Michael Brunton-Spall GDS

  65. Michael Brunton-Spall GDS

  66. Michael Brunton-Spall GDS

  67. Updating machines in test Michael Brunton-Spall GDS

  68. Michael Brunton-Spall GDS

  69. Just some machines? Michael Brunton-Spall GDS

  70. Michael Brunton-Spall GDS

  71. Repeat in production Michael Brunton-Spall GDS

  72. What does Agile and DevOps give you? Michael Brunton-Spall GDS

  73. Automated Testing Michael Brunton-Spall GDS

  74. Infrastructure as code Michael Brunton-Spall GDS

  75. Fast repeatable deploys Michael Brunton-Spall GDS

  76. Audit logs Michael Brunton-Spall GDS

  77. Code review of infrastructure changes Michael Brunton-Spall GDS

  78. Confidence! Michael Brunton-Spall GDS

  79. Why does that matter? Michael Brunton-Spall GDS

  80. Australian Signals Directorate http://www.asd.gov.au/publications/protect/top_4_mitigations.htm Michael Brunton-Spall GDS

  81. Application whitelisting Michael Brunton-Spall GDS

  82. Patching Michael Brunton-Spall GDS

  83. Patching (again) Michael Brunton-Spall GDS

  84. Minimise administrative controls Michael Brunton-Spall GDS

  85. Done well, agile techniques mean more secure software Michael Brunton-Spall GDS

  86. We're hiring! 
 https://gds.blog.gov.uk/jobs Michael Brunton-Spall GDS

  87. Michael Brunton-Spall 
 Lead Security Architect Government Digital Service 
 @bruntonspall

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to help I'm from security and I'm here to help Government Digital Service Simpler, Clearer, Faster The state of information security in 2015

844 views • 70 slides
Attack Trees, Security modelling for Agile Teams Michael Brunton-Spall @bruntonspall Michael

Attack Trees, Security modelling for Agile Teams Michael Brunton-Spall @bruntonspall Michael

Attack Trees, Security modelling for Agile Teams Michael Brunton-Spall @bruntonspall Michael Brunton-Spall He/His/Him Independent Cybersecurity Consultant Michael Brunton-Spall @bruntonspall Why Security Matters Michael Brunton-Spall

770 views • 66 slides
The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall

The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall

The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall He/His/Him michael@bruntonspall.com https://tinyletter.com/cyberweekly Michael Brunton-Spall Bruntonspall Ltd Why is security evolving Where

1.11k views • 108 slides
Does agile make us less secure? Security in a post devops world YOW! Sydney 2019 Michael

Does agile make us less secure? Security in a post devops world YOW! Sydney 2019 Michael

Does agile make us less secure? Security in a post devops world YOW! Sydney 2019 Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall He/His/Him michael@bruntonspall.com Michael Brunton-Spall Bruntonspall Ltd The second most

1.71k views • 139 slides
Apps Behaving Badly Michael Brunton-Spall Lisa van Gelder The inevitability of failure

Apps Behaving Badly Michael Brunton-Spall Lisa van Gelder The inevitability of failure

Apps Behaving Badly Michael Brunton-Spall Lisa van Gelder The inevitability of failure Systems will fail Architect for failure System independence Each system should cope on its own Some systems are critical Redundancy where

958 views • 47 slides
BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada

BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada

BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada Adversary Detection Team Lead Threat Hunting Team Lead First Presented at BSidesCharm French Canadian Dont pronounce S and H

1.37k views • 104 slides
Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security Architect at The World Bank Group Data Breaches in the News Large-scale breaches are now a regular occurrence across industry and geography

221 views • 18 slides
Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1 Department of Energy - Fast Forward Challenge FastForward RFP provided US Government funding for exascale research and development Sponsored by 7

505 views • 21 slides
and Needs. Prepared for The Australian Vegetable Industry Prepared by Colmar Brunton Colmar

and Needs. Prepared for The Australian Vegetable Industry Prepared by Colmar Brunton Colmar

Exploring Consumers Perceptions and Needs. Prepared for The Australian Vegetable Industry Prepared by Colmar Brunton Colmar Brunton Contacts | Stuart Todd (Account Director) & Megan Ferguson (Qualitative Specialist) Email:

1.14k views • 80 slides
(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for all types

788 views • 66 slides
Specifying Timber in Projects Seminar 8 th April 2019 Barry Brunton Sth. Aust Tech Team

Specifying Timber in Projects Seminar 8 th April 2019 Barry Brunton Sth. Aust Tech Team

Specifying Timber in Projects Seminar 8 th April 2019 Barry Brunton Sth. Aust Tech Team Barry.Brunton@woodsolutions.com.au 0426 56 7771 Welcome! Thanks to all for attending! In case of Emergency Planned Fire Alarms? Gents &

394 views • 18 slides
Gwen Cheeseman Content lead, Government as a Platform Government Digital Service

Gwen Cheeseman Content lead, Government as a Platform Government Digital Service

Gwen Cheeseman Content lead, Government as a Platform Government Digital Service @cheesecake_b Liz Lutgendor ff Senior programme analyst, GOV.UK Government Digital Service @sillypunk Simpler Clearer Faster GOV.UK started with a

701 views • 31 slides
Navigating the Pitfalls and Promises of Network Security Monitoring (NSM) Who are we? Dr. Scott

Navigating the Pitfalls and Promises of Network Security Monitoring (NSM) Who are we? Dr. Scott

Navigating the Pitfalls and Promises of Network Security Monitoring (NSM) Who are we? Dr. Scott Miserendino Michael Gora Chief Data Scientist System Architect Cyber Security Start-Up Started in 2013 Born out of a large defense

342 views • 19 slides
Why I chose mongodb for guardian.co.uk Mat Wall Lead Software Architect, guardian.co.uk It is

Why I chose mongodb for guardian.co.uk Mat Wall Lead Software Architect, guardian.co.uk It is

Why I chose mongodb for guardian.co.uk Mat Wall Lead Software Architect, guardian.co.uk It is not the strongest of the species that survives, nor the most intelligent. It is the one that is most adaptable to change. Early Period circa

818 views • 63 slides
Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead

Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead

Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead Mark is the lead maintainer of Guardr, a suite of modules predicated around Drupal security. He is passionate about architecting systems to solve

812 views • 38 slides
GASVESSEL Project PI ERLUI GI BUSETTO Lead Naval Architect NAVALPROGETTI S.r.l Trieste - I

GASVESSEL Project PI ERLUI GI BUSETTO Lead Naval Architect NAVALPROGETTI S.r.l Trieste - I

GASVESSEL Project PI ERLUI GI BUSETTO Lead Naval Architect NAVALPROGETTI S.r.l Trieste - I taly 1 Pula, 1 1 th October 2 0 1 7 Pream ble EU consumption of Natural gas is increasing EU dependency on imported Gas in 2014 was 70% (40%

361 views • 21 slides
t dt = 2 t t dt t t dt 1 erf x e 0 0 Function t

t dt = 2 t t dt t t dt 1 erf x e 0 0 Function t

u(t-t o ) Unit Step Unit Step Function Function 1 t t ( ) = 0 u t t < 0 0 t t 0 t o ! Special Functions ! Special Functions (t-t o ) ! Differential Equations ! Differential

159 views • 5 slides
Improving Career Progression for Teachers Consultation: Breakout Session Teaching Profession

Improving Career Progression for Teachers Consultation: Breakout Session Teaching Profession

Strengthening QTS and Improving Career Progression for Teachers Consultation: Breakout Session Teaching Profession Unit QTS.consultation@education.gov.uk I am very I have never I know a little I know the familiar with heard of this bit

563 views • 10 slides
Global Survey of Multi-Disciplinary Experts Engaged in Environmental Public Health Tracking

Global Survey of Multi-Disciplinary Experts Engaged in Environmental Public Health Tracking

Global Survey of Multi-Disciplinary Experts Engaged in Environmental Public Health Tracking INPHET Scientific Committee, July 2015 Website: http://www.epiprev.it/INPHET/home For further information contact: behrooz.behbod@phe.gov.uk or

334 views • 17 slides
The META-NET Strategic Research Agenda and Linked Open Data Georg Rehm DFKI, Germany

The META-NET Strategic Research Agenda and Linked Open Data Georg Rehm DFKI, Germany

The META-NET Strategic Research Agenda and Linked Open Data Georg Rehm DFKI, Germany georg.rehm@dfki.de Multilingual Web Workshop Dublin, Ireland June 11, 2012 Co-funded by the 7th Framework Programme and the ICT Policy Support Programme

757 views • 20 slides
The Prevent duty Julian Butcher Head of Regulatory Framework Unit Kirsten Joppe Prevent duty

The Prevent duty Julian Butcher Head of Regulatory Framework Unit Kirsten Joppe Prevent duty

The Prevent duty Julian Butcher Head of Regulatory Framework Unit Kirsten Joppe Prevent duty lead, Regulatory Framework Unit Objectives of the counter extremism programme in DfE OUR OBJECTIVES Improve the resilience of the system to

415 views • 30 slides
Private Hire Licensing, Compliance and Enforcement 2 Unless otherwise stated the information

Private Hire Licensing, Compliance and Enforcement 2 Unless otherwise stated the information

1 Private Hire Licensing, Compliance and Enforcement 2 Unless otherwise stated the information contained in this presentation covers the first quarter of our financial year, running from 1 April to 23 June. The Transport for London financial

491 views • 37 slides
https://www.gov.uk/register-to-vote Can register here and at home, vote in both local elections

https://www.gov.uk/register-to-vote Can register here and at home, vote in both local elections

https://www.gov.uk/register-to-vote Can register here and at home, vote in both local elections Vote on National things once, can decide at last moment Examples Find the radius of convergence of the following functions. (sinh( n

418 views • 6 slides
Transforming SEND Services in Hertfordshire Schools Forum 26 June 2019 David Butcher Head

Transforming SEND Services in Hertfordshire Schools Forum 26 June 2019 David Butcher Head

Transforming SEND Services in Hertfordshire Schools Forum 26 June 2019 David Butcher Head of Transforming SEND Services www.hertfordshire.gov.uk www.hertfordshire.gov.uk www.hertfordshire.gov.uk The Case for Change: Hertfordshire

238 views • 12 slides

More recommend