Medieval castle builders made effective use of simple design principles to defend the most valuable assets in their castles. Centuries later there are clearly lessons we’ve forgotten that could help when it comes to how we defend our IT assets. From the moment we started to enable multi-user systems, we’ve gone about defending our information in all the wrong ways. In this session we’ll look at a completely different approach to designing security into our systems. We’ll look at new ways to understand what assets are, what threats those assets face, and how to leverage three basic types of defense mechanisms to effectively protect what we hold most dear. Ultimately you’ll learn how to bring technology and offensive security practices together into a cohesive defense approach that works. It’s time to defend your crown jewels inside a fortified castle rather than a thinly constructed warehouse.

Alyssa is a former developer turned pen-tester and security evangelist with over 15 years of experience in the security industry. She has maintained a heavy focus on application security over the years, not only conducting application assessments, threat modeling exercises and secure code reviews, but also working with companies to develop comprehensive secure SDLC programs. Alyssa is also experienced in delivering security training at all levels from basic awareness to detailed secure coding practices. Currently, Alyssa is the Manager of the Information Security Solutions Practice for CDW, working with customers to deliver security assessment and advisory services. Alyssa has been published in multiple security publications and also holds a CISM certification from ISACA.

Slides

Back to Circle City Con 2019 Videos list