Bio: Matthew leads Dimension Data’s Cybersecurity practice, which includes Security-Assessment.com, Dimension Data’s incident response and offensive security team. He has over 15 years of industry experience and has worked in senior cybersecurity leadership positions in a number of global organisations across a range of industry sectors. He has also participated in a number of cybersecurity industry boards, including as joint Chairperson of the Australasian Chapter of The Information Security Forum. He has also contributed to the development of a number of international cybersecurity standards, including the Open Group’s Jericho Forum Identity Commandments and ISACA’s COBIT IT Governance implementation guide.
Everyone In Security Please Move Two Seats To The Left ...
Or Risk Not Having A Chair
It’s a simple analogy: we all need to shift left in the software development lifecycle to remain relevant and maintain a seat at the table. My first work assignment was as an IT Auditor reviewing a COBOL code base for Y2K bugs. I used a scanning tool and an audit checklist, manually reviewing the output of the reports and crafting a lovely presentation for the client. Many years on, my job hasn’t changed a lot. I still review infrastructure for security bugs and report back security bugs, so not much has changed, right... oh, but it will, and is!
Today, as organisations move to continuous / automated release cycles, static testing or annual compliance testing is a risky approach to managing security risk. Equally, today’s challenge is: how do you know that code from GitHub or third-party developer code adheres to your dev standards as you rush through that sprint?
In this presentation I will talk about how we all need to start to change the way we work and advise our clients in this new digital world: how we all need to tool up, live and breathe these new modern digital landscapes, take advantage of automation, and change our ways, such as by implementing continuous assurance frameworks using toolsets. I will explore some work we have been doing with clients, built around the concept of Shift Left, through a combination of client coaching and retooling / repurposing our security testers so that security is being designed, built and tested within the DevOps process rather than at the end.