Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications for how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security […] The post Security Engineering – A manifesto for defensive security appeared first on Portcullis Labs.
Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security’s Docker benchmark and CoreOS’s Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing […] The post Use Infrastructure as Code they said. Easier to audit they said… (part 1) appeared first on Portcullis Labs.