The Human Side of a Security Incident

Jul 30th 03:00 - 03:30 PM, EN308 C40, 20 Interested

What could it be like to work through a real-life security incident at your company? As awareness about security in our industry improves, we hear much about how to keep our applications secure, but rarely do we consider what happens with your employees when something goes wrong. Allow me to share my story about the emotional highs and lows of working through a security incident, as we look past its technical surface and into the human experience behind it instead.

 
 

Outline/Structure of the Talk

The presentation is primarily structured as a series of talking points as I tell the story about the security incident we experienced, from its initial response stages to the ongoing impact. Along the way I give insight into what I found most tough about the experience as well as some enjoyable highlights, concluding with some reflection on what I would do differently in hindsight.

Learning Outcome

The aim of this talk is to build awareness and empathy among developers for the increasing prevalence of cybersecurity issues in our careers. By sharing my experience, I hope to help others prepare for similar events in their careers and help build a culture of sharing on a topic with which most companies are tight-lipped.

Target Audience

Primarily developers, but all are welcome!

Prerequisites for Attendees

N/A

Submitted 2 months ago


  • Justin Holland - Cultivating quiet: The death of the need to always DO (Working Title)

    30 Mins
    Interactive
    Beginner

    I wrote this blog a short while ago: https://medium.com/@justin.holland/cultivating-quiet-38cec9466feb

    I feel like there are other continuous improvement addicts, or perennial impostor syndrome sufferers that feel the compulsive need to be more than they are, and do more in order to reach that unattainable perfect state of being...

    And I know that a bunch of us find ourselves in a state of constant information processing & overload... thanks to the infinite information we are exposed to every day.

    I have also come to believe this can be super unhealthy, and that there is something fundamental that we are losing, thanks to our perpetual busyness.

    So come and have a little chat, and reflect, about the role of not doing... and instead... being... (quietly)

  • Daniel Prager / Andi Herman - When at first they don't want to change: Shared lessons from Addiction Therapy and Agile Coaching

    45 Mins
    Talk
    Intermediate

    The easy case for coaching looks something like this: a prospective coachee wants to change, can articulate their goals, and is matched up with a suitably experienced and competent coach, the two are a good fit, and they quickly get down to the challenging yet rewarding business of growth and change.

    But what if a person (or team) doesn't want to change and would rather not be coached? And despite this an external power deems that change is needed and that coaching will bring this change about. What's a coach to do? What about the coachee(s)? What about the role of the client who's engaged the coach?

    This situation is not uncommon, and bears more than a passing resemblance to what often goes on in addiction treatment. A person with a drug addiction (and often other problems) doesn't necessarily welcome therapeutic intervention at the outset. But an external authority has ordered it.

    In this session we will explore the parallels between the two modalities of addiction therapy and coaching, including the applicability of the Transtheoretical Model of Change and the related technique of Motivational Interviewing.

    These approaches offer insights into how to flex and adapt your coaching approach in the face of some of the most common human impediments to change.

  • Ed O'Shaughnessy / Alexandra Stokes / Jeanette Peterson / Mark Barber / Penelope Barr / Renee Troughton / Robyn Elliott / Tomas Varsavsky - The Good, Bad & Ugly: what we've learned in 10 years of scaling agile -- a panel discussion

    45 Mins
    Panel
    Intermediate

    Agile is now all grown up and is pretty much the de facto way of working for most teams, but it's proven to be a challenge for adoption at scale. Over the last ten years or so there has been a lot of trial and error figuring out how to break through the cultural barriers, political resistance and technical hurdles that large organisations present. This panel of luminaries (!) brings a wealth of experience helping many different types of organisations transform themselves to be fit for purpose in the 21st century. Come along to hear their stories, some good, some bad and probably a few ugly ones!

    PLEASE NOTE: this session will be recorded live by The Weekly Reboot podcast and made available for public consumption. Your attendance will be taken as acceptance to being recorded and publicly broadcast.

  • Mark Grebler - Designing a DevOps Dependency Diagram to Decide Development Direction

    Mark Grebler
    Head of Engineering
    Focus HQ
    4 months ago
    45 Mins
    Case Study
    Beginner

    So you walk into a new company, get the lay of the land and then realise, crap! Their development processes are like they were designed by a bunch of first-year uni students doing a group project.

    There is no DevOps to speak of. There are snowflake servers everywhere. Their git branching strategy is unmanageable. They run tests only every 3 or 4 releases. Their deployment is manual and different for each release. They have no real alerting.

    Ok. Take a deep breath! Calm down.

    So much to do, but where to start? The business has produced a list of improvement actions, but those actions are focussed around fixing the symptoms of the problems, not solving the root cause. The business does not understand that the path to DevOps improvement is complex and each task has many inter-relations and dependencies.

    This is the problem that I faced about a year ago. To overcome this, we went through a process of defining all of the DevOps tasks we could think of and mapped them into a dependency diagram. This diagram was useful to communicate both internal and external to the team.

    In this case study, I’ll go through the process to design the dependency diagram, but also our progress through the diagram one year later.

  • Kelsey van Haaster / Robin Doherty - How not to make the news - Build security into your Agile project from the ground up.

    90 Mins
    Workshop
    Intermediate

    When a group of stakeholders and team members come together to plan a new product or feature, they often focus on identifying stories that deliver end user value through solving a business problem, delighting the customer or disrupting a competitor. While these are critical stories, they are not the whole picture. Every product has non-functional or cross-functional stories which must be played.

    Security stories are an important part of these but are often not considered at all. When they are considered, they are often an afterthought or are assumed to be part of the project infrastructure. Trying to bolt on security as an afterthought in this way is a mistake that can lead to disaster at one extreme, and compromises to reduce product usability or don't support good end-user security practices at the other.

    The challenge, of course, is that from the stakeholder perspective, security is not seen as a priority. This workshop is for software delivery teams who want to learn how to change this perspective and work with their stakeholders to help them to understand more about the importance of security. The goal is to help technical and non-technical stakeholders understand security and why it should be given priority and built into their product from the ground up. We show participants how to facilitate a structured meeting or workshop with their stakeholders where they use a simplified threat modelling technique to identify risks. The outcome is the identification of user stories (or evil user stories) which when played will mitigate identified risks.

  • Mark Pearl - What we've learned around teaching/mentoring graduates to become software developers

    Mark Pearl
    Engineering Protege Manager
    MYOB
    2 months ago
    45 Mins
    Case Study
    Intermediate

    At MYOB we've been improving our graduate programme for software developers. Today I would like to share some of the insights we've gained over the last few years around how to do this better.

  • Kelsey van Haaster / Peter Lam - Agile and Management - a conversation

    45 Mins
    Talk
    Advanced

    Agile was coined in 2001, building on techniques and methods from the prior 10 or more years. We know that (smaller) software projects are more successful with agile delivery methods than with staged approaches like the SDLC. So why is it that 18 years after a better way was identified that managers struggle to adopt agile in a meaningful way?

    This is a facilitated discussion - there are as many answers as there are people! So with the late afternoon timeslot - let's get together and have an interactive chat - with the intent that we all leave with some useful ideas, tools and techniques that we can apply when we get back to the office ...

  • Alexis Stuart / Bob Martin - What Aren't You Seeing in Your Product Organisation? Lessons Learned on Myer's Digital Journey

    45 Mins
    Case Study
    Intermediate

    At Myer, we’re well into our digital product journey. Although we still have plenty of work to do, we would like to start sharing our experiences in taking a Product centric approach to ensure we are delighting our customers and leveraging L.A.S.T practices to change behaviour and enable a positive outcome.

    In this discussion, we will look at where we started, where we are now, and what our future path might look like. Our hope is that we can help others avoid (or at least identify) some of the more common pitfalls, and to help others develop a proactive approach to navigating their digital product journey.

    Some topics for discussion may include:
    - How we are working on creating a Product-centric organisation, and why this is so important.
    - How focusing on the work that feeds the backlog(s) is just as important as the backlog(s) themselves.
    - Experimenting with the Google '20% time' practice, and how this helps create a trusting and inclusive environment.
    - Constantly questioning the value of ideas, and initiatives. Like many organisations, there is no shortage of great ideas, but how do we make sure we are working on the most valuable at any given time?
    - What happens without a strong product organisation? For example, what happens when there is no product guidance for UX. Now that we are working on building out our Product practices - how can we start to develop a healthy tension between UX and Product?

    Experiences shared by Alexis Stuart, Digital Product Owner and Bob Martin, Agile Practice Lead.

  • Jay Hyett / Ruma Dak - 7 Habits of Highly Effective Teams

    30 Mins
    Talk
    Beginner

    In this talk Ruma and Jay will share seven habits of highly effective teams, based on their work at Envato. They'll also share some tips to help build the habits.

  • Timothy Newbold - Why Objectives and Key Results (OKRs) is one of the worst kept secrets to organisational success

    Timothy Newbold
    Director of Strategy
    SKILLFIRE
    4 months ago
    90 Mins
    Workshop
    Intermediate

    Hearing a lot about Objectives & Key Results (OKRs), but still a little unclear what they're about? Maybe you're hearing all the chatter and it's tweaking your interest! Well, join me for a farside chat and all will be revealed.

    In this session we'll get under the hood of OKRs to understand the history, the core concepts and cut our teeth in a manner which allows us to take them back to our teams for further exploration.

    At minimum, you'll walk out of the session with some clear goals for the coming quarter!

  • Renee Troughton - Agile Consulting with the big end of town

    Renee Troughton
    Enterprise Agile Coach
    BCG
    2 months ago
    30 Mins
    Talk
    Beginner

    Prepare for a contentious and deeply personal story.

    I was an Enterprise Agile Coach. I am now a Consultant. But can I be both?

    Discover why I made the leap to "the other side", what I have learnt in the process and why, if we don't do something soon, Agile in Australia risks imploding.

  • Charlotte McKinnon / Dirk Driessen - Agile Product Road Mapping - combining strategy, vision, passion and direction

    45 Mins
    Talk
    Beginner

    Product Road Mapping can be a challenge for those that are new to this and also for those that are experienced. Conventional product road mapping models have several limitations. We will explore how various Agile Product Road Mapping approaches and models can provide relevant information and direction to different stakeholder groups that are responsible for product development.

  • Sue Hogg - Context is king! A systems thinking approach to further understand your company context...

    Sue Hogg
    Group Program Manager
    carsales.com.au
    2 months ago
    45 Mins
    Talk
    Beginner

    Ever wondered what on earth is going in your company? Your team? The system of work? Are people acting crae-crae? Is there conflict? Are there pockets of super awesomeness & pockets of unhappiness? Are people pulling in different directions?

    In this talk, I will run through my systems thinking approach and experiences to unpacking and diagnosing a company, its context, its practices and its people.

    If nothing else, this talk may help you with making the invisible more visible and may lead you to be even more situationally aware of the context you have found yourself in!

  • Emily Jaksch - Rise the New Millennial

    45 Mins
    Talk
    Advanced

    The current Millennial narrative is getting pretty old, and whilst some are still complaining that Millennials are lazy, selfish and entitled, most people have started to realise they are shaping the world around us. It’s time to reframe the dialogue and meet the new Millennial, and based on a recent study Millennials are not who we think they are. The new Millennial characteristics according to research include Disruptors, Changemakers, Demanding, Ethically and Socially Minded, Progressive thinkers & Entrepreneurial, just to name a few. Furthermore, there are plenty of Millennial Rainmakers shining a light on how they are disrupting industries and changing the business world as we know it. Think Ruslan Kogan, 36-year-old Founder of Kogan.com, Nicholas Molnar, 28-year-old Founder of Afterpay & Kayla Itsines, 28-year-old Fitness Mogul who is reportedly worth a cool $486M, just to name a few Aussies. It’s time to move over and get out of the way, the new wave of Millennial Entrepreneurs has arrived.

  • Beatriz Guevara - Hacking HR: Co-creating Agile Workplaces

    Beatriz Guevara
    HR Hacker
    Hacking HR
    2 months ago
    30 Mins
    Talk
    Intermediate

    Humanising workplaces in this digital era is only possible if HR and technology leverage from each others' skills and expertise. Let's re-define work together!

  • Cathy Jamshidi - User adoption: selling the story to developers

    Cathy Jamshidi
    Sr. Business Analyst
    DigIO
    2 months ago
    30 Mins
    Talk
    Beginner

    User adoption is one of the most challenging things about projects. When they are consumer facing applications, you can measure your success through the number of click throughs, time spent by users reading pages or product purchases, money they spend. Consumers want to use your product because it fulfils a need or a want. Conversely, when a product or service is required out of obligation, regulation or to maintain a standard, and it doesn’t necessarily fit a need or a problem they’re trying to solve, then consumers don’t want to use the goods or services.

    Welcome to the world of application security. Application security is sexy in theory, hacking at systems, breaking in, being a rebel without a cause, but what happens when you try and roll application security tooling out to hundreds of developers where many of them have less than no interest in embedding another tool into their software delivery lifecycle? How do you keep it sexy, interesting, engaging and make them want to use it?

    This is the story of how we rolled out appsec tooling to developers, our wins, our failures, and the rollercoaster journey we went through. The aim is to provide some insight into how different behaviours influence user adoption and hopefully some takeaways you can use when you're involved in such projects, either as part of a delivery team or conversely as an end user.

  • Chris Chan - Growing your Agile Mindset by Overcoming Your Immunity To Change

    Chris Chan
    Adaptive Leadership Coach
    ANZ Bank
    4 months ago
    90 Mins
    Workshop
    Beginner

    Due to requests and feedback, this is a repeat of last year's session for those who missed it.

    How do you develop an agile mindset? You can't teach it, but you can grow it by changing your beliefs.

    In this session we will cover a brief introduction to the research by Kegan and Lahey where they discovered that behind each of our habits is a strongly held belief that not only keeps us in our groove, but also fights any change that threatens the status quo.

    We will discuss why personal growth and increasing our mental complexity is so important for agile and business transformations in today's VUCA world to succeed.

    We will create your Immunity To Change Map, which is a simple way to bring to light your personal barriers to change. We will start by outlining your commitment to an improvement goal. Then we will sketch out the things that you are either doing or not doing that prevent progress towards the achievement goal. The Map then identifies competing commitments, as well as the big underlying assumptions behind those competing commitments.

    The objective is to pinpoint and address whatever beliefs and assumptions are blocking you from the changes you want to make.

    You will leave this workshop with a better understanding and tools to overcome the forces of inertia and transform your life and your work.

  • Jessica - Why things fail

    Jessica
    Product Manager
    Equal Experts
    2 months ago
    30 Mins
    Interactive
    Beginner

    Why did the iPad make it but Google Glass cost Google $900million?

    In this new world of unicorns, upstarts and silicon roundabouts, it's easy to get caught up in making it, but how do we effectively and responsibly innovate?

    In this interactive session, we will look at case studies over the last 80 years of some of the biggest product flops; what went wrong and which companies went on to recover. The intention is to explore what not to do; the untold stories of success and leave with a refreshed understanding of why failure is critical in the pursuit of innovation.

    Join me to create your own innovation equation to take into your work, own ideas and everyday life.

  • Aurelien Marando
    Agile Coach
    3 months ago
    45 Mins
    Workshop
    Beginner

    Facilitation is among the most important skills for Scrum Masters and Meeting Leaders. This highly interactive 45-minute workshop session intends to provide any individual with an understanding and a toolset to create and structure their own meetings and workshops. Master the art of facilitation in only 45 minutes.

  • Jochy Reyes / Simone Hambrook - Down the rabbit hole: the 'wonderland' of one of Australia's biggest Agile "transformation"

    45 Mins
    Talk
    Intermediate

    “We’re all quite mad here! You’ll fit right in.” - Mad Hatter, Alice in Wonderland

    In 2017, ANZ, a 180+ year old bank, made an official announcement that it will embark on an organisation-wide change program to adopt Agile and transition 13,000 of its employees to these new ways of working. Like many others I found this interesting, commendable and quite frankly a bit crazy.

    Fast forward to January 2019, we find ourselves joining the Mad Hatter's tea party and frankly going mad ourselves.

    What is it like down the rabbit hole? Who are the interesting characters we have met so far, are they allies or foes? The Queen of spades? the Cheshire cat? What lessons have we learned so far in this adventure?

    “Curiouser and curiouser.” - Alice, Alice in Wonderland

    Curiouser and curiouser you must be..

    If you're curious about coaching at scale, the challenges of breaking down silos and bureaucracy in the bank and a preview of how it is to work with 60+ coaches in one division, this talk is for you.

    There will be storytelling, laughter and the rolling of eyes not heads. We will share tools and techniques but more importantly there will be lessons learned.

    Here is to ANZ, the rabbit hole and Alice!