Talk Title: Hunting Hard, Failing Fast, Maintaining Integrity
Many organisations have invested millions in building security operations teams and deploying powerful monitoring and reporting tools, and then ask for continual improvement in the form of tuning, threat hunting and developing new threat models. However, within large enterprises, these types of changes either carry the risk of modifying a live production platform or take weeks or months to go through the development and release process (route-to-live). This session outlines some DevOps principles and an associated framework for enforcing change management while still supporting rapid changes to code and configuration.
- SOC Capabilities
- OODA & Threat Hunting
- Balancing SOC Risk
- Using Splunk for an Agile SIEM
- Evolution of DevSecOps
- DevSecOps Practices for SOC
- Result: Empowered Hunters
- Resources & Questions
A passionate cybersecurity professional with experience working within large enterprises across the financial, luxury retail, energy and IT service-based industries. Provides an organised approach to workload management with an emphasis on detail, combined with a robust methodology for incident response, investigation and remediation. Works diligently to achieve successful outcomes within set time constraints and to develop maintainable processes and procedures.
Awarded the ‘Best New Cyber Talent’ by the Scottish Government in 2016.
Awarded the ‘Outstanding People Award’ by ECS in 2015 and 2017.