Edward Farrell is a security consultant with over eleven years’ experience in information security and sixteen years’ experience in the IT industry.
As the director of Mercury ISS, one of Australia’s few remaining independent security firms, he has conducted or overseen the delivery of 500 security assessment activities and incident responses in the past 5 years. His professional highlights include lecturing at the Australian Defence Force Academy, being rated in the top 200 bug bounty hunters in 2015 and running an awesome team of security professionals.
Automation and radical simplicity: Setting up cyber security practices for success
Much is said about automation, artificial intelligence and using apps. However, between another unscrupulous firms spin on their technology expertise in yet another startup (which has no developers or technology staff) and the fact that Australia still drives most of its businesses in Excel spreadsheets and PDF documents viewed in client side systems that haven't been patched for some time.
The greatest innovation cyber security can bring in this age is radically simple systems, automation leveraging open source technologies and well thought through systems and processes. Whilst the saving of time is a significant advantage, the repeatability & reproducibility of these technologies ensures a reinforced, discipline approach that can provide assurance to clients and the organisation at large.
I wanted to use this talk to open the hood on our organisation, the processes we've used internally, how we iterate through problems & avoid pitfalls. I will also talk through security requirements, ensuring availability and longevity, as well as the balance between pure automation and ensuring that value from technically oriented staff can still be achieved.
By the end of this talk, attendees will have an appreciation of paths for automation and repeatability, as well as ideas for how they might be able to implement similar systems in their own organisations.