michael brunton spall lead security architect government
play

Michael Brunton-Spall Lead Security Architect Government Digital - PowerPoint PPT Presentation

May 13, 2023 •141 likes •1.02k views

Michael Brunton-Spall Lead Security Architect Government Digital Service @bruntonspall Being secure and agile GOTO Amsterdam 2016 Michael Brunton-Spall GDS Michael Brunton-Spall @bruntonspall He/His/Him Michael Brunton-Spall GDS Lead

  1. Michael Brunton-Spall Lead Security Architect Government Digital Service @bruntonspall

  2. Being secure and agile GOTO Amsterdam 2016 Michael Brunton-Spall GDS

  3. Michael Brunton-Spall @bruntonspall He/His/Him Michael Brunton-Spall GDS

  4. Lead Security Architect Cabinet Office UK Government Michael Brunton-Spall GDS

  5. I'm from the Government, and I'm here to help Michael Brunton-Spall GDS

  6. I'm from security, and I'm here to help Michael Brunton-Spall GDS

  7. The state of security Michael Brunton-Spall GDS

  8. Certification 
 Accreditation PCI 
 ISO27001 Michael Brunton-Spall GDS

  9. Michael Brunton-Spall GDS

  10. Change control boards Michael Brunton-Spall GDS

  11. Michael Brunton-Spall GDS

  12. Agile changes everything Michael Brunton-Spall GDS

  13. What is agile? Michael Brunton-Spall GDS

  14. Michael Brunton-Spall GDS

  15. While the things on the right have value Michael Brunton-Spall GDS

  16. The things on the left have more value Michael Brunton-Spall GDS

  17. Individuals and interactions over processes and tools Michael Brunton-Spall GDS

  18. Working software over comprehensive documentation Michael Brunton-Spall GDS

  19. Responding to change over following a plan Michael Brunton-Spall GDS

  20. Customer collaboration over contract negotiation Michael Brunton-Spall GDS

  21. Contracts, Planning, Documentation, Processes and Tools Michael Brunton-Spall GDS

  22. Collaboration, Change, Deliverables, People Michael Brunton-Spall GDS

  23. Building software together Michael Brunton-Spall GDS

  24. Support and trust Michael Brunton-Spall GDS

  25. Simplicity Michael Brunton-Spall GDS

  26. Maximising work not done Michael Brunton-Spall GDS

  27. "Minimising the lead time for delivering business value" @tastapod Michael Brunton-Spall GDS

  28. What does this mean today? Michael Brunton-Spall GDS

  29. Minimum viable product or service Michael Brunton-Spall GDS

  30. Iterate Michael Brunton-Spall GDS

  31. Release early, release often Michael Brunton-Spall GDS

  32. Michael Brunton-Spall GDS

  33. Principles Michael Brunton-Spall GDS

  34. Protect personal data https://www.cesg.gov.uk/guidance/protecting-bulk-personal-data Michael Brunton-Spall GDS

  35. Security design principles https://www.cesg.gov.uk/guidance/security-design-principles-digital-services-0 Michael Brunton-Spall GDS

  36. 8 Principles of risk management https://www.gov.uk/government/publications/principles-of-effective-cyber-security-risk-management Michael Brunton-Spall GDS

  37. Accept uncertainty 
 Security as part of the team 
 Understand the risks Michael Brunton-Spall GDS

  38. Trust decision making 
 Security is part of everything User experience is important Michael Brunton-Spall GDS

  39. Audit decisions 
 Understand big picture impact Michael Brunton-Spall GDS

  40. How does agile help? Michael Brunton-Spall GDS

  41. Continual delivery of business value Michael Brunton-Spall GDS

  42. Continual acceptance of risk Michael Brunton-Spall GDS

  43. Secure Agile Development Michael Brunton-Spall GDS

  44. Security must be an enabler of the team Michael Brunton-Spall GDS

  45. Safety engineering and security engineering Michael Brunton-Spall GDS

  46. The unit of delivery is the team Michael Brunton-Spall GDS

  47. The unit of decision making is the team Michael Brunton-Spall GDS

  48. Risk Michael Brunton-Spall GDS

  49. Educate the team to the threats Michael Brunton-Spall GDS

  50. Keep a running risk log Michael Brunton-Spall GDS

  51. Apply risk decisions per story Michael Brunton-Spall GDS

  52. Apply controls per story Michael Brunton-Spall GDS

  53. Security debt Michael Brunton-Spall GDS

  54. Simple systems are more secure Michael Brunton-Spall GDS

  55. Choosing the secure method must be the easiest option Michael Brunton-Spall GDS

  56. Security as an enabler Michael Brunton-Spall GDS

  57. Secure Agile Operations Michael Brunton-Spall GDS

  58. Infrastructure as code Michael Brunton-Spall GDS

  59. Michael Brunton-Spall GDS

  60. Infrastructure as testable code Michael Brunton-Spall GDS

  61. Michael Brunton-Spall GDS

  62. Michael Brunton-Spall GDS

  63. Dealing with patches Michael Brunton-Spall GDS

  64. What machines are affected? Michael Brunton-Spall GDS

  65. Michael Brunton-Spall GDS

  66. Michael Brunton-Spall GDS

  67. Updating machines in test Michael Brunton-Spall GDS

  68. Michael Brunton-Spall GDS

  69. Just some machines? Michael Brunton-Spall GDS

  70. Michael Brunton-Spall GDS

  71. Repeat in production Michael Brunton-Spall GDS

  72. What does Agile and DevOps give you? Michael Brunton-Spall GDS

  73. Automated Testing Michael Brunton-Spall GDS

  74. Infrastructure as code Michael Brunton-Spall GDS

  75. Fast repeatable deploys Michael Brunton-Spall GDS

  76. Audit logs Michael Brunton-Spall GDS

  77. Code review of infrastructure changes Michael Brunton-Spall GDS

  78. Confidence! Michael Brunton-Spall GDS

  79. Why does that matter? Michael Brunton-Spall GDS

  80. Australian Signals Directorate http://www.asd.gov.au/publications/protect/top_4_mitigations.htm Michael Brunton-Spall GDS

  81. Application whitelisting Michael Brunton-Spall GDS

  82. Patching Michael Brunton-Spall GDS

  83. Patching (again) Michael Brunton-Spall GDS

  84. Minimise administrative controls Michael Brunton-Spall GDS

  85. Done well, agile techniques mean more secure software Michael Brunton-Spall GDS

  86. We're hiring! 
 https://gds.blog.gov.uk/jobs Michael Brunton-Spall GDS

  87. Michael Brunton-Spall 
 Lead Security Architect Government Digital Service 
 @bruntonspall

Recommend

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to help I'm from security and I'm here to help Government Digital Service Simpler, Clearer, Faster The state of information security in 2015

844 views • 70 slides
Attack Trees, Security modelling for Agile Teams Michael Brunton-Spall @bruntonspall Michael

Attack Trees, Security modelling for Agile Teams Michael Brunton-Spall @bruntonspall Michael

Attack Trees, Security modelling for Agile Teams Michael Brunton-Spall @bruntonspall Michael Brunton-Spall He/His/Him Independent Cybersecurity Consultant Michael Brunton-Spall @bruntonspall Why Security Matters Michael Brunton-Spall

770 views • 66 slides
The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall

The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall

The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall He/His/Him michael@bruntonspall.com https://tinyletter.com/cyberweekly Michael Brunton-Spall Bruntonspall Ltd Why is security evolving Where

1.11k views • 108 slides
Does agile make us less secure? Security in a post devops world YOW! Sydney 2019 Michael

Does agile make us less secure? Security in a post devops world YOW! Sydney 2019 Michael

Does agile make us less secure? Security in a post devops world YOW! Sydney 2019 Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall He/His/Him michael@bruntonspall.com Michael Brunton-Spall Bruntonspall Ltd The second most

1.71k views • 139 slides
Apps Behaving Badly Michael Brunton-Spall Lisa van Gelder The inevitability of failure

Apps Behaving Badly Michael Brunton-Spall Lisa van Gelder The inevitability of failure

Apps Behaving Badly Michael Brunton-Spall Lisa van Gelder The inevitability of failure Systems will fail Architect for failure System independence Each system should cope on its own Some systems are critical Redundancy where

958 views • 47 slides
BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada

BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada

BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada Adversary Detection Team Lead Threat Hunting Team Lead First Presented at BSidesCharm French Canadian Dont pronounce S and H

1.37k views • 104 slides
Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security Architect at The World Bank Group Data Breaches in the News Large-scale breaches are now a regular occurrence across industry and geography

221 views • 18 slides
Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1 Department of Energy - Fast Forward Challenge FastForward RFP provided US Government funding for exascale research and development Sponsored by 7

505 views • 21 slides
and Needs. Prepared for The Australian Vegetable Industry Prepared by Colmar Brunton Colmar

and Needs. Prepared for The Australian Vegetable Industry Prepared by Colmar Brunton Colmar

Exploring Consumers Perceptions and Needs. Prepared for The Australian Vegetable Industry Prepared by Colmar Brunton Colmar Brunton Contacts | Stuart Todd (Account Director) & Megan Ferguson (Qualitative Specialist) Email:

1.14k views • 80 slides
(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for all types

788 views • 66 slides
Specifying Timber in Projects Seminar 8 th April 2019 Barry Brunton Sth. Aust Tech Team

Specifying Timber in Projects Seminar 8 th April 2019 Barry Brunton Sth. Aust Tech Team

Specifying Timber in Projects Seminar 8 th April 2019 Barry Brunton Sth. Aust Tech Team Barry.Brunton@woodsolutions.com.au 0426 56 7771 Welcome! Thanks to all for attending! In case of Emergency Planned Fire Alarms? Gents &

394 views • 18 slides
Gwen Cheeseman Content lead, Government as a Platform Government Digital Service

Gwen Cheeseman Content lead, Government as a Platform Government Digital Service

Gwen Cheeseman Content lead, Government as a Platform Government Digital Service @cheesecake_b Liz Lutgendor ff Senior programme analyst, GOV.UK Government Digital Service @sillypunk Simpler Clearer Faster GOV.UK started with a

701 views • 31 slides
Navigating the Pitfalls and Promises of Network Security Monitoring (NSM) Who are we? Dr. Scott

Navigating the Pitfalls and Promises of Network Security Monitoring (NSM) Who are we? Dr. Scott

Navigating the Pitfalls and Promises of Network Security Monitoring (NSM) Who are we? Dr. Scott Miserendino Michael Gora Chief Data Scientist System Architect Cyber Security Start-Up Started in 2013 Born out of a large defense

342 views • 19 slides
Why I chose mongodb for guardian.co.uk Mat Wall Lead Software Architect, guardian.co.uk It is

Why I chose mongodb for guardian.co.uk Mat Wall Lead Software Architect, guardian.co.uk It is

Why I chose mongodb for guardian.co.uk Mat Wall Lead Software Architect, guardian.co.uk It is not the strongest of the species that survives, nor the most intelligent. It is the one that is most adaptable to change. Early Period circa

818 views • 63 slides
Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead

Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead

Raising The Security Bar with Guardr Mediacurrent Mark Shropshire Open Source Security Lead Mark is the lead maintainer of Guardr, a suite of modules predicated around Drupal security. He is passionate about architecting systems to solve

812 views • 38 slides
GASVESSEL Project PI ERLUI GI BUSETTO Lead Naval Architect NAVALPROGETTI S.r.l Trieste - I

GASVESSEL Project PI ERLUI GI BUSETTO Lead Naval Architect NAVALPROGETTI S.r.l Trieste - I

GASVESSEL Project PI ERLUI GI BUSETTO Lead Naval Architect NAVALPROGETTI S.r.l Trieste - I taly 1 Pula, 1 1 th October 2 0 1 7 Pream ble EU consumption of Natural gas is increasing EU dependency on imported Gas in 2014 was 70% (40%

361 views • 21 slides
Re-structuring Health Care Delivery in Ontario Michael Scarpitti Lead, Health Systems

Re-structuring Health Care Delivery in Ontario Michael Scarpitti Lead, Health Systems

Re-structuring Health Care Delivery in Ontario Michael Scarpitti Lead, Health Systems Transformation CMHA Ontario Current Changes Provincial Government has had a focus on re-structuring the health care system since election in June 2018.

832 views • 23 slides
Security and Privacy at WINLAB Security and Privacy at WINLAB Wade Trappe Overview and Lead-

Security and Privacy at WINLAB Security and Privacy at WINLAB Wade Trappe Overview and Lead-

Security and Privacy at WINLAB Security and Privacy at WINLAB Wade Trappe Overview and Lead- -In In Overview and Lead Security has been one of the great detractors for wireless technologies WINLABs security initiatives:

642 views • 13 slides
IN THE SOCIAL MEDIA AGE Presented by Michael Hurwitz Careers In Government

IN THE SOCIAL MEDIA AGE Presented by Michael Hurwitz Careers In Government

LOCAL GOVERNMENT RECRUITING IN THE SOCIAL MEDIA AGE Presented by Michael Hurwitz Careers In Government michael@careersingovernment.com SOCIAL GOVERNMENT Its easy to feel overwhelmed when using Social media in local government. With

660 views • 18 slides
[show me your privileges and I will lead you to SYSTEM] Andrea Pierini, Roma, 22 settembre 2018

[show me your privileges and I will lead you to SYSTEM] Andrea Pierini, Roma, 22 settembre 2018

[show me your privileges and I will lead you to SYSTEM] Andrea Pierini, Roma, 22 settembre 2018 dir /a /r %USERPROFILE% Cyclist & Scuba Diver, Father & Husband IT Architect & Security Manager Long time experience

908 views • 53 slides
[show me your privileges and I will lead you to SYSTEM] Andrea Pierini, Paris, June 19 th 2019 1

[show me your privileges and I will lead you to SYSTEM] Andrea Pierini, Paris, June 19 th 2019 1

[show me your privileges and I will lead you to SYSTEM] Andrea Pierini, Paris, June 19 th 2019 1 dir /a /r %USERPROFILE% Cyclist & Scuba Diver, Father & Husband IT Architect & Security Manager Long time experience

901 views • 62 slides
DevOps A History in Configuration Management About me Senior Information Security Architect @

DevOps A History in Configuration Management About me Senior Information Security Architect @

DevOps A History in Configuration Management About me Senior Information Security Architect @ Epigen Technology Security nerd & avid lock picker Auditor, Analyst, Engineer Organizer / Volunteer various conferences Tech policy & tech

352 views • 24 slides
Lead Azure Architect, MCT(Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect!

Lead Azure Architect, MCT(Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect!

http://blog.kloudezy.com Niraj Kumar Lead Azure Architect, MCT(Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect! Azure Talk Telegram Group http://blog.kloudezy.com Azure Container Services Containers vs VMs Azure

895 views • 7 slides
Evolving the architecture of guardian.co.uk Mat Wall Lead software architect History 1821 -

Evolving the architecture of guardian.co.uk Mat Wall Lead software architect History 1821 -

Evolving the architecture of guardian.co.uk Mat Wall Lead software architect History 1821 - Manchester Guardian released 1936 - Scott Trust formed: No proprietor Unique in British newspapers to this day 1959 - The Guardian goes national

931 views • 81 slides

More recommend