This was a busy week but once again the Open Security Summit proved why it is one of my favourite events on the security calendar. There is now a huge list of content recorded at the the summit and during the training sessions available for free, I will be returning to this over the next few months.
I let Dinis Cruz talk me into doing way too much 🙂 But I enjoyed the process and was made to look a lot better than I am by Robin Oldham, Alan Jenkins and Mario Platt among others. I had some great conversations and made some new contacts with similar interests.
My first presentation with Robin was on sharing how I’ve used Threat Personas and done simple Application Vulnerability Scoring for triage and prioritisation. The full talk is here:
We have uploaded the presentations and the working materials to the followin repositories and will work to develop these based on the feedback we received.
Threat Personas: https://github.com/cydea/threat-personas
Application Vulnerability Scoring: https://github.com/oracuk/vsort
I then took part in an active and wide ranging conversation on applying risk to Wardley maps led by Alan. We diverged quite quickly from the main topic but much fun and insight was had by all 🙂
I was part of another high-octane conversation about risk and error budgeting but I don’t see the video for that yet.
I was taken out mid-week by a temperature and headache but lept back into action presenting with Robin again on the Open Information Security Risk Universe (OISRU). My previous post from when I started thinking about Risk Universes in Information Security is here. Robin led on this and did a great job as did Petra Vukmirovic who very ably brought some experience of graphing to the session:
We added the presentation materials to the OISRU github repository here: https://github.com/oracuk/oisru
I rounded off the week assisting Mario who delivered a storming session on Complexity in Cybersecurity and using the Cynefin framework. I’ve previously written about Cynefin in Cyber here. This is excellent and well worth a watch:
The Open Security Summit is an amazing event and the organising team should be very pleased with what they’ve achieved. I’ll be there next year without fail.
If we diverged too far from the main theme, Using Wardley maps to apply risk, that was on me as the Facilitator and I apologise! I did enjoy the discussion, though. And gleaned much from the OISRU session that you, Petra and Rob ran. Thanks to you all.