DIY Security for the Amateur Superhero

Explore DIY security approaches for application and operations environments in this 58-minute conference talk. Learn to become a security superhero by managing vulnerabilities, integrating security into builds, and implementing effective monitoring strategies. Discover how to defend against elegant attacks, navigate the challenges of the internet's toxic landscape, and protect your data using engineering skills. Gain insights into password management, dependency checking, and choosing appropriate security tools for various components of your system. Understand the importance of admitting mistakes, fostering a blameless security culture, and preparing for incident response. Delve into topics such as OWASP guidelines, cloud tools, API security, and the complexities of custom filter languages. Acquire practical knowledge to tackle security challenges and safeguard your applications in today's digital world.

DIY SECURITY FOR THE AMATEUR SUPERHERO
the internet is a festering pool of toxic waste
somebody probably wants to do bad things to your computer
You are part of the problem
Listen to people (like OWASP and Troy Hunt)
Admit your mistakes (perfect people are liars)
Use a password manager (and here's why...)
not all technologies have mature libraries, frameworks and documentation
Oh noes.. a wild demo appears OWASP Dependency Checker Libraries.io
You won't see it coming (if you're not looking)
Choose the right tools for the job you are doing
ALL the things... Application Database Operating system Border devices Cloud tools
Which of your tools is you destruction?
Be kind demo gods... please LastPass Lambda Logs Sumo Siemonster and ELK
Other people's APIs make kittens cry
Complexity and fragmentation can be the cost of DIY
Custom filter languages are real
You are not John McClane (Incident Response skill isn't innate)
we need Blameless Security Culture