CHCon Training - Building Security into your Development Team(s)

CHCon is being coordinated by a collaboration of security professionals from Canterbury. Many of them organise security groups which meet regularly in Christchurch. Follow us on Twitter as@CHCon_nz; email us atcontact@chcon.nz.

CHCon

Level: Intermediate
Duration: Full Day
Trainer: Kim Carter (<A HREF="https://binarymist.io/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">BinaryMist</A>)
Cost: $500+GST ($575). Nonprofits, beneficiaries, contractors $200+GST ($230). Students $100+GST ($115)
Contact <A HREF="https://twitter.com/binarymist" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Kim</A> with proof for discount codes.
Brief
Kim will lead the class through the tools, techniques and thought processes of both red and blue teams along with how to combine these attributes into the purple team focussing on security, productivity, and tasked with continuously delivering sustainable maintainable technical solutions to market.
Kim will explain the roles of 'T' shaped professionals, including placement of security champions to create your purple Development Team(s).
We will work through how to implement the Sensible Security Model (SSM) within each and every Sprint, including:
<OL>
<LI>Creating actionable countermeasure Product Backlog Items</LI>
<LI>Integrating them into the same Product Backlog that your Development Team has been pulling business focussed items from</LI>
<LI>Ordering them based on the risk ratings you create for each</LI>
</OL>
Kim will discuss how and where Agile Development Teams often fail, along with how to succeed with security with a <A HREF="https://blog.binarymist.net/2014/01/25/essentials-for-creating-and-maintaining-a-high-performance-development-team/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">familiar anecdote</A>. Then augmenting your Scrum process within each and every Sprint, with a collection of development focussed <A HREF="https://leanpub.com/holistic-infosec-for-web-developers/read#process-and-practises-agile-development-and-practices" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">processes and practises</A>, tools and techniques that have proven their value at drastically reducing defects before production deployment.
Kim will walk us through the SSM threat modelling process with theory and hands on exercises in areas such as Physical, People, VPS, Network, Cloud and Web Applications. Including sub topics such as Docker, Serverless, PowerShell and many others.
 
<H4>More Detail</H4>
Training material will be augmented with Extracts from Kims interviews on Software Engineering Radio with security experts such as Diogo Mónica (Docker Security Team Lead) and Haroon Meer (creator of Canary tools and tokens).
Copies of the first two parts of Kims book series "Holistic Info-Sec for Web Developers" (weighing in at aprx 700 pages) which this training is based on, will be provided as: companion course material to accompany the training, ongoing self learning, and as a valuable reference resource long after the training has finished.
 
<H4>Learnings</H4>
Coverage of topic chapters
<UL>
<LI><A HREF="https://leanpub.com/holistic-infosec-for-web-developers/read#physical" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Physical</A></LI>
<LI><A HREF="https://leanpub.com/holistic-infosec-for-web-developers/read#people" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">People</A></LI>
<LI><A HREF="https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications/read#vps" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">VPS</A></LI>
<LI><A HREF="https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications/read#network" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Network</A></LI>
<LI>Cloud (published before training)</LI>
<LI><A HREF="https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications/read#web-applications" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Web Applications</A></LI>
</UL>
 
<H4>About the Trainer</H4>
Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of <A HREF="https://binarymist.io/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">BinaryMist</A> Ltd. OWASP NZ Chapter Leader. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 15 years of commercial industry experience across many domains, Kim enjoys teaching others how to apply information security to their Agile processes, bringing the security focus up front where it's the cheapest to implement, increasing profit and reducing costs. Co-organiser of information security conference <A HREF="https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2017" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">OWASP NZ Day</A>, International <A HREF="https://blog.binarymist.net/presentations-publications/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">trainer, speaker</A> published author, and <A HREF="http://www.se-radio.net/team/kim-carter/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Software Engineering Radio</A> podcast host, focusing on 
<UL>
<LI>Software and network architecture</LI>
<LI>Web development and engineering</LI>
<LI>Information security</LI>
</UL>
 
Kim is also a regular blog poster at <A HREF="https://blog.binarymist.net" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">blog.binarymist.net</A>. Kim loves designing and creating robust software and networks, breaking software and networks, then fixing them and helping organisations increase productivity.

UCSA Events Centre

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

CHCon Training - Building Security into your Development Team(s)

More events from CHCon

Discover more events from CHCon, from Science & Tech to other experiences you might love.

CHCon Training - Building Security into your Development Team(s)

More events from CHCon

Discover more events from CHCon, from Science & Tech to other experiences you might love.

More Science & Tech events

Browse more Science & Tech events with different dates, prices, and formats to find your next great experience.