Friday August 24 2018, Security and Privacy Track, Cockle Bay, 11:10 AEST


We all want the systems we design and build to be secure, but it can be hard to know where to start. Using historical fortifications as real-world examples, this talk will break down and demystify how security controls can be selected, evaluated and integrated to build architecturally secure systems.


We’re all building castles, but how well will they stand up under siege?

Assembling individual controls into a unified, secure architecture can seem daunting, but doesn’t have to be.

Infosec folks like to go on about Threat Modelling and Risk Assessment, but these count for nothing unless their outcome is an actually secure system design. With time and budget both constrained, we can only implement a limited subset of the possible security controls when building systems.

Using various historical fortifications as easy-to-understand real-world examples, this talk will show you how to assemble security controls using a simple framework and set of criteria. This framework can be applied by anyone who designs, builds, evaluates, or attacks systems at any scale, from individual software components to enterprise architecture.

This framework will be illustrated by applying it to a simple example Django web application.


Watch 'Security Architecture from Ancient Times' on PyCon AU's YouTube account

Liam O
Assurance Pty Ltd
@liamosaur


Liam is a former developer turned pentester. His passion is not just breaking systems, but providing empathetic and actionable advice on how they can be improved. Liam is Director of Consulting at Assurance and is a duck enthusiast _o<