Track 1
|
Philippa Carnelley (She/Her)Track Host for track 1UX Designer at Flybe |
Philippa is part of the Digital Exeter organising team, and works closely with TechExeter in putting on tech + digital events across the region. BioPhilippa is a design thinker and creative problem solver. As UX designer at Flybe she focuses on creating visually stimulating user centric interactions through clever design solutions. Experienced at working within several software and digital environments, her keen eye for detail and interest in user behaviour makes UX design the perfect fit. As host and organiser of Digital Exeter alongside Sarah Marks, Philippa expands her knowledge to build a digital community that is diverse, inclusive and exciting. Her goal for the next year is to create a stronger network, inside and outside of Digital Exeter, through collaboration workshops and skill sharing. Stay tuned! | |
|
Andi Hudson (He/Him)Keynote Presentation, 30 minutes / Track 1 / 09.30Cloud Security Architecture Lead at IBM Security
|
||
How do you secure a cloud?What is the cloud, how do you secure it and what happens if it blows away? This talk demonstrates the shared responsibility between clients and cloud providers, with some interesting facts and war stories along the way. Session takeaways
Bio20 years in industry with >30 years of tech experience, Andi leads a team of growing cloud security architects at IBM. Passionate about ethics, neural diversity and technology, Andi loves supporting the InfoSec community by helping to build a better brighter tomorrow! | |||
|
Caroline Clark (She/Her)Talk, 30 minutes / Track 1 / 10.00Operations Director at KETS Quantum Security
|
||
Quantum CommunicationsQuantum Technologies are moving out of the lab and into the big wide world. I’ll discuss the UK investment in quantum tech and how it is now moving from a laboratory environment in academia via a growing community of startups and spin outs - particularly in the South West. I’ll also touch on our own journey as a young quantum communications company and the challenges we currently face. Session takeaways
| |||
|
Vicky Hunter (She/Her)Talk, 30 minutes / Track 1 / 10.30Entrepreneur Engagement Manager at Tech Nation
|
||
How to Hack the Tech EcosystemStarting your own company can be daunting however there is a lot of support out there. This talk will highlight some great resources for founders and help them navigate the increasingly busy world of support for startups and scaling businesses. Session takeaways
BioVicky started her career at the heart of London's growing tech scene, running events and making connections from the Central Working Cafe in Google Campus. She joined 3beards to further support the tech startup ecosystem through a portfolio of different events, content and Unicorn Hunt, a transparent jobs board for roles within tech, which was sold in 2017. After two years of freelancing and travelling, Vicky moved to Bristol and joined Tech Nation as their Entrepreneur Engagement Manager for the South West where she is now on a mission to know everything and everyone in tech. | |||
11.00 Break
|
Alasdair AllanTalk, 45 minutes / Track 1 / 11.30Consultant at Babilim Light Industries
|
||
The Demise of Big Data — Making Intelligent Insights at the EdgeThe current age where privacy is no longer “a social norm” may not long survive the coming of the Internet of Things. Big data is all very well when it is harvested quietly, silently, and stealthily behind the scenes. To a lot of people, the digital Internet still isn’t the as real as the outside world. But it’s going to be a different matter altogether when your things tattle on you behind your back. The recent scandals and hearings around the misuse of data harvested from social networks has surfaced long standing problems around data privacy and misuse, while the GDPR in Europe has tightened restrictions around data sharing. However the new generation of embedded devices, and the arrival of the Internet of Things, may cause the demise of large scale data harvesting entirely. In its place smart devices will allow us process data at the edge, making use of machine learning to interpret the most flexible sensor we have, the camera. Interpreting camera data in real-time, and abstracting it to signal rather than imagery, will allow us to extract insights from the data without storing potentially privacy and GDPR infringing data. While social media data feeds provides ‘views’, lots of signal, it provides few insights. Processing imagery using machine learning models at the edge, on potentially non-networked enabled embedded devices, will allow us to feedback into the environment in real time closing the loop without the large scale data harvesting that has become so prevalent. In the end we never wanted the data anyway, we wanted the actions that the data could generate. Insights into our environment are more useful than write-only data collected and stored for a rainy day. Session takeaways
BioAlasdair Allan is a scientist, author, hacker, maker, and journalist. An expert on the Internet of Things and sensor systems, he’s famous for hacking hotel radios, deploying a 500-node mesh sensor network at Google I/O, and for revealing, back in 2011, that Apple’s iPhone was tracking user location constantly. He has written eleven books, and writes regularly for Hackster.io and other outlets. A former astronomer, he also built a peer-to-peer autonomous telescope network that detected what was, at the time, the most distant object ever discovered. | |||
|
Peter JonesTalk, 45 minutes / Track 1 / 12.15Senior Information Security Consultant at 3B Data Security
|
||
Practical Digital Forensics when everything is ablazeWhen everything is going wrong, you want to get everything fixed as soon as possible. Think about investing time into full preventative messages by engaging in a digital forensic process. Get an understanding of what digital forensics involves and how it can improve how your organisation handles incidents. Session takeaways
BioCyber Security and Digital Forensics professional for over 10 years including auditing, forensic investigations and incident response. Co-Founder of the South West Cyber Security Cluster and the owner of a number of businesses. Qualified university lecturer and author of a number of accredited cyber security courses. | |||
13.00 Lunch
|
Janet Bastiman (She/Her)Talk, 45 minutes / Track 1 / 14.00Chief Science Officer at Storystream, MMC Ventures
|
||
Reject the evidence of your eyes and earsThe pace of advancement in AI has never been higher. Recent steps forward in image and video generation have the power for both good and bad. Fakes used to be an incredible amount of effort, and required high levels of skill but are now easy enough for anyone with a computer to create. It will soon become impossible to tell whether what you are seeing is real or fake. What are the implications for news agencies being fooled, or for law enforcement? I’ll show you how these fakes can be created and what hope we have for distinguishing truth from fiction in our digital future. Session takeaways
BioJanet heads up the Artificial Intelligence division at StoryStream and is an AI Venture Partner at investment firm MMC ventures. As an experienced C-level professional, she helps start-up companies build their AI strategy to saleable products. Janet regularly speaks and writes on technical subjects. | |||
|
Dan WisemanTalk, 45 minutes / Track 1 / 14.45Company Director at Web Wise Media
|
||
** Is WordPress a secure platform?Due to sickness, this talk replaces Daniel G Cabrero’s “Personas & Anti-Personas for Hacking & Anti-Hacking” talk. Being the most popular website platform on the planet, WordPress has got a lot going for it. That doesn’t mean that it isn’t prone to hacking and other malicious attacks. This talk looks at some of the simple mistakes to avoid to ensure you keep WordPress as safe as possible. Session takeaways
BioI am the founder of multiple businesses including Web Wise Media: a web design & marketing agency based in Exeter and London. I provide coaching for new businesses and entrepreneurs and support for digital strategy, professional development and SME growth. Outside of Web Wise Media, my experience includes: founder of an immersive experience company, founder of a video games blog, investor, web developer, video game designer and developer, entrepreneur, property developer, theatre technician, stage manager and lighting operator. | |||
15.30 Break
|
Guy BuesnelTalk, 30 minutes / Track 1 / 16.00PNT Security Technologist at Spirent
|
||
Trust but Verify - When GPS can go wrongThis talk will be a somewhat expanded version of the 2018 lightning talk that was given at a Tech Exeter meet up evening - it will provide a short overview of GPS along with an introduction to its vulnerabilities. Following this, a series of real-world incidents will be presented along with the known impacts on user systems. Incidents will include known GPS jamming and spoofing incidents as well as segment errors and the week number roll over issue that has already caused some disruption to systems in April 2019. The presentation will also highlight the importance of putting into place an effective risk mitigation strategy and how to use it to provide cost effective risk mitigation against some of the threat vectors. Session takeaways
BioGuy has more than 19 years’ experience working protecting GNSS Receivers from emerging threats , having started his career as a Systems Engineer involved in the development of GPS Adaptive Antenna Systems for Military Users. Guy is Spirent’s specialist technologist on PNT threats and mitigation. Guy holds a BSc Honours degree in Physics with Atmospheric Physics and a Master’s Degree in Communications Engineering. Guy is a Chartered Physicist and a Fellow of the Royal Institute of Navigation. | |||
17.00 Closing Ceremony / Prizegiving
17.30 Group Photo
Track 2
|
Tamsin Hodge (She/Her)Track Host for track 2Product Owner and STEM Ambassador team lead at UK Hydrographic Office |
We’re proud to have Tamsin return to the conference, not as a speaker this time but a track host, looking after the HACK track. BioMy journey into a digital career has evolved from my love of science, nature, working with people and having an inquisitive mind keen to learn new things. After leaving university with a degree in Biochemistry and an aspiration to move into scientific and technical writing I worked as a journalist, and then as a News Editor running a news desk of teams of reporters and photographers, on weekly and daily newspapers in the regional press in the South West of England for a little over 10 years. At the same time I ran a series of successful fundraising campaigns in collaboration with charities and our local community for much needed outreach cancer care nurses to support the terminally ill and mobile Life Education classrooms for children aged 5 – 10 to learn about sex education, drugs and alcohol in a responsible way to help them prepare for adult life. I moved on from journalism into a marketing and product focussed role to gain more experience of running campaigns, managing customers and portfolios of products, organising conferences and creating digital services, and studied part-time to gain a post graduate degree in marketing with the Chartered Institute of Marketing. From here I joined the UK Hydrographic Office in Taunton, initially working in the Corporate Communications department before taking on various roles in developing and delivering digital products and services to market. I’ve been at the UK Hydrographic Office for 11 years now and I’ve had the opportunity to grow my experience and evolve my career over that time, which is how I ended up in the Product Owner role I have today. My role is part of a team working with digital tools and technologies to create services to gather, process, store and serve up marine data from all over the world so it can used to help people manage, live and work within the marine environment. The data we work with is geospatial, which means it’s three dimensional to capture the geographical location (north, south, east, west) and vertical depth and height of information about the world’s oceans, tides, marine life, coastlines and manmade structures such as offshore wind turbines and fish farms. More details about my digital, technology and STEM journey are in this Blog here, which I was asked to write as part of a global campaign run by Geeky Girl Reality to profile inspirational female role models working in STEM careers: https://www.geekyreality.com/blog/stemstories-tamsin-product-owner-england/ | |
|
Achim BruckerTalk, 45 minutes / Track 2 / 10.00Professor in Cybersecurity / Software Security Expert at University of Exeter
|
||
Hacking (Not So) Smart Things 101More and more devices of our daily life are "smart" ranging from smart light bulbs to smart TVs to smart fridges -- everything can, and most likely will be, in the future connected to the Internet. More and more people are already used to remotely controlling their heating at home using their smart phone. In this talk, we will, using smart home automation as an example, explain simple techniques for hacking (not so) smart devices. (If the demo gods are friendly, the session will include some live hacking) Session takeaways
BioAchim D. Brucker (www.brucker.uk) is a Professor (Chair in Cybersecurity) at the University of Exeter, UK. Prior to that, he was a Senior Lecturer at the Computer Science Department of The University of Sheffield, UK. He leads the research in software assurance and security (logicalhacking.com). Until December 2015, he was the global Security Testing Strategist at SAP SE, were, among others, he defined and implemented the security testing strategy for over 27000 developers world-wide. SAP's risk-based security testing strategy of SAP that combines static, dynamic, and interactive security testing methods and integrates them deeply into SAP's Secure Software Development Life Cycle. He also was involved in the security checks for SAP's outbound and inbound Open Source process.
| |||
11.00 Break
|
Sam Vine (He/Him)Talk, 30 minutes / Track 2 / 11.30Associate Professor Psychology at University of Exeter
|
||
Futures made of virtual reality - Hacking VR for learningThe talk will describe and discuss our research and work relating to the use of VR training for high risk and safety critical industries. A particular focus will be the use of VR for hazard perception and threat detection in the Nuclear and Police industries. We will describe the entire process from developing the VR environment using psychological theory, to testing and validating it using human physiological measures. Session takeaways
BioI am a Psychologist, with a broad range of interests in the area of skill learning, expertise and performance under pressure. I am particularly interested in how visual attention and other physiological processes mediate motor skill and decision making performance. I apply my research to a range of different domains (e.g., sport, surgery, military, and aviation) and populations (e.g., children, elite performers and patient groups). I am interested in eye tracking and virtual reality technology. | |||
|
Gavin Buckingham (He/Him)Talk, 30 minutes + hands on session / Track 2 / 12.00Senior lecturer at University of Exeter
|
||
Hacking human perception - illusions and virtual realityIn this session, I will highlight how our brain scaffolds our perception of the world around us, with a particular focus on how our experience of objects' properties can be readily manipulated. I'll describe my research on weight illusions, including recent work I have undertaken using immersive virtual reality to make objects feel heavier or lighter than they actually are. Finally, I'll lay out a roadmap for how it is a better understanding of human perception, rather than advances in computing hardware, which will be key to the next generation of immersive technologies. Session takeaways
Bonus pic!
BioI received my PhD in psychology from the University of Aberdeen in 2008, after which time I moved to Canada to work as a postdoctoral fellow at the Brain and Mind Institute at Western University. During this time, I began to study human visual and haptic perception, with a particular focus on our experience of how heavy things feel when we interact with them. I moved to the University of Exeter in 2016, and am currently a senior lecturer in the Department of Sport and Health Sciences. | |||
13.00 Lunch
|
Pete WoodwardTalk, 30 minutes / Track 2 / 14.00Co-founder & CTO at Securious
|
||
The anatomy of a payment card breachFar too many businesses are unaware that it is mandatory to comply with the Payment Card Industry Data Security Standard (PCI DSS) if they accept credit card payments. This is a huge blind-spot and it is putting businesses in the South West at risk of attack. Many organisations are under the misguided belief that using PCI compliant payment providers such as Sagepay, Stripe or Worldpay confers PCI compliance on their business. Businesses failing to comply with PCI DSS are at risk of large fines, and the very real prospect of an inability to trade, should payment providers terminate their service due to non-compliance, or more seriously, experience a card breach In this discussion Pete will look at some examples of how some recent breaches have happened and what simple controls could have been put in place to prevent them. Session takeaways
BioPete comes from a military background, and has worked on security projects in the public and private sectors. His experience is backed up with leading security and network accreditations, such as PCI QSA, CISSP, CEH, along with TOGAF v9 certification. Pete cemented his passion for cyber security and co-founded the South West Cyber Security Cluster with the vision to establish a ‘Centre for Cyber Excellence’ in the South West. | |||
|
Roz Woodward (She/Her)Talk, 30 minutes / Track 2 / 14.30Co-founder & CEO at Securious
|
||
Why we need diversity in cyber security - for everyone’s sake!There is a real and present skills shortage in the cyber security industry. Currently, there are some amazing young people undertaking computer science and information security degrees, but when they enter the workforce they still lack the business insight that comes with experience. They also tend, very generally, towards a certain demographic (approximately only one in five, for example, are women), and most are very young. Bringing these young people into the sector is great and should be encouraged, but it is also a problem in several ways: we already have a skills shortage and the failure to widen the net is giving us a reduced pool of potential candidates. We also end up with people whose experience of life and the world is very similar. In this session, we will explore how threats are better mitigated when you have people from a range of ages and backgrounds looking out for them. We will also consider how we can encourage more people into the industry, especially those who currently might feel it is not for them. In particular, we will look at some of the most valuable transferable skills that we should be looking out for. Session takeaways
BioRoz Woodward is CEO and co-founder of Securious, the South West’s leading cyber security company. She is an experienced professional who is passionate about cyber security and is on a mission to raise awareness and help organisations mitigate their cyber security risks. She is especially keen on helping translate technical issues in a non-technical way. Roz is a founding light in the South West Cyber Security Cluster and liaises regularly with the police and other authorities on the latest cyber security issues affecting businesses. Roz is a qualified accountant and has considerable experience working within organisations at senior management and board level, and as an ISO 27001 Lead Implementer and GDPR practitioner, understands the value of sensitive data and the importance of securing systems and developing strong policies and procedures. Roz is a keen runner, having completed several marathons and numerous half marathons, and enjoys muddy trail runs with their dogs. | |||
|
Geoff Revill (He/Him)Talk, 30 minutes / Track 2 / 15.00Tech entrepreneur at Krowdthink Ltd
|
||
Building an unhackable social platformSounds implausible? not quite. Sure, any system can be taken down, the key question is whether personal data is lost. Article 25 of the GDPR demands we build platforms while seeking to to minimize personal data use. If you decide to make data minimization your point of innovation, you can, amazingly, build a social platform with almost zero personal data (in our case study, 5 maximum!) In this paper we will discuss how to build valuable functions without collating personal data. We will discuss what Mozilla calls ‘lean data’ systems and how to build them, thereby making your system cybersecure by design, and beneficially also being easy to slip through the quagmire of GDPR regulations. Session takeaways
BioGeoff has 35+ years tech experience at every level, from programmer, system designer and architect thru to product management and marketing of high tech innovations. He also has a high degree of understanding of the tightening regulatory environment and how to work within it yet keep innovating cyber-securely. | |||
15.30 Break
|
Nicola Whiting (She/Her)Talk, 45 minutes / Track 2 / 16.00Chief Strategy Officer at Titania Group
|
||
A.I. Diversity, Discrimination and Nation State DefenceWith an increasing skills gap, a wave of autonomous attacks and increases in cyber crime - police, military, governments and global enterprises are asking industry to deliver “self-developing governance and defence systems”. Nicola Whiting discusses A.I.’s failures, whether we risk a ‘rise of the machines’ style “Judgement Day” and what is needed to transform the A.I. industry and the future of autonomous enterprise security. She will inspire delegates to champion ‘accuracy in automation’ in their own business/organisation, to finally. Learning Outcomes:
Session takeaways
BioNicola Whiting is Chief Strategy Officer and co-owner of Titania Group, she is also an Amazon best-selling author and is listed in SC Magazine’s Top 20 most influential women working in cyber security. In 2019 she was honoured to receive the UK’s inaugural “National Cyber Citizen Award” for her “outstanding contribution to the world of cyber security and protection” and AFCEA Internationals’ prestigious “Sparky Baird Award” for her thought provoking pieces on A.I. and Autonomous Weapons. Neurodiverse, she advocates for diversity in all forms, believing it will lead to broader and ultimately better solutions to our most pressing issues – in cyber security, business, and in life. | |||
17.00 Closing Ceremony / Prizegiving
17.30 Group Photo
Track 3
|
Lucy Knight (She/Her)Track Host for track 3Lead Data Scientist at Food Standards Agency |
We’re proud to have Lucy return to the conference, not as a speaker this time but a track host, looking after the DEVELOP track. BioLucy is Lead Data Scientist at the Food Standards Agency, and cofounder of the Open Data Institute node ODI Devon and tech start-up The Data Pace. She worked first in fine arts and then in opto-electronics manufacturing, where she developed an interest in data analysis and information management, moving into public sector performance and policy management in 2001. She held various roles at Devon County Council, including Open Data Lead, before moving to the Civil Service in 2018 to take on her current post. Building on her experience of working at the extreme ends of the technical/creative spectrum, she advocates for better communication between technical and non-technical groups and the importance of making technological advances both useful and accessible. Lucy is a regular facilitator and speaker at open data and transformation events, conferences and unconferences across the country. | |
|
Seb Coles (They/Them)Talk, 45 minutes / Track 3 / 10.00Expert Software Engineer at UK Hydrographic Office
|
||
Developer Threat ModellingThere isn’t a single vulnerability in the OWASP top ten that couldn’t have been avoided with a conversation. A simple conversation to discuss what could go wrong with the piece of work that a team was about to undertake, what to spot in the code review and what the tester could have done to validate the control. So, before we start talking about static analysis tools, automated fuzzing, scanning, penetration testing and various other tooling – can I ask, are you even having the conversation yet? In this talk I will share my experiences at the UK Hydrographic Office, where I work with a variety of agile teams to promote secure development practices. I will share with you DTM (Developer Threat Modelling) which is a developer-centric and fast form of threat modelling. I believe through a process of setting expectations, developer focused threat modelling, driving out useful security criteria, code review guidance and abuse cases we can enable efficient collaborative security conversations. Zero gimmicks, no Lego, and not only can we help teams reduce the number of security threats that get into master, but we can do it for free and for a fraction of the time. Session takeaways
BioMy name is Seb Coles, I’m an expert engineer at the hydrographic office where I specialise in application security. I care about anything that prevents vulnerabilities from getting into products such as threat modelling, secure coding, pen test skills, SAST/DAST tooling and conversations. I also work as part of a delivery team building geospatial products using .NET/JS & Python. | |||
11.00 Break
|
Jon Stace (He/Him)Talk, 30 minutes / Track 3 / 11.30Director of Technology at Software Solved Ltd
|
||
Using the Web Cryptography API in PWAs/SPAsWith the advent of good support for implementing apps using web standards, we’re now in the position to deliver quality user experiences that work in the browser both on and offline. This inevitably leads to storing data locally in the browser, which means that we need to think about how to protect that data while it is stored offline. This is where the Web Cryptography API comes in. I’ll cover:
Session takeaways
BioJon has been working in software development for over 20 years. In that time he has worked in a number of industries including insurance, retail, and not-for-profit. He has always been fascinated by computers and this interest developed from an early age, starting with learning Basic for the ZX Spectrum. Jon is co-organiser of the Exeter .NET meetup. | |||
|
Cariad Eccleston (She/Her)Talk, 30 minutes / Track 3 / 12.00Indie author
|
||
Strong, secure & human-free database credentials in Amazon Web ServicesWhen you need to create a username and password for a new database, what do you do? Use the same credentials every time? Use a password manager? What if you’re deploying infrastructure-as-code? Do you ask a trusted human to remember the credentials? Do you keep the details in a shared notebook, or in source control? What’s the worst that could happen, right? I’ll show you how to script the creation, encryption and storage of secrets in AWS. No human needs to see that password, know that password, or type in that password. Only the code that needs access will be granted access. Session takeaways
BioCariad was a Software Team Lead for the best DevOps squad in Thomson Reuters, but the allure of independence was irresistible; now she’s a freelance writer, coder-for-hire, blogger at cariad.me and getcodelove.com and soon-to-be indie author. She loves science fiction, infrastructure-as-code and wondering where her next paycheque will come from. | |||
|
Adam LangleyTalk, 30 minutes / Track 3 / 12.30Consultant / Web Developer & Ethical Hacker at Umbrella Systems / Hacker House Ltd
|
||
The dangers of user inputAs soon as you start to receive user input your in danger of various attacks. Whether it’s cross site scripting, injection, server side request forgery, local file includes, cross site request forgery or another attack vector entirely. My talk will show what can go wrong and methods to protect yourself. Session takeaways
BioI’m a web developer and also an Ethical Hacker specialising in Web App security. I run my own consulting company and also work for a security company called Hacker House which provides pen tests and cyber security training. I’ve recently been building CTF competitions and have plans to start a training course which teaches web developers about cybersecurity. | |||
13.00 Lunch
|
Olly Stephens (He/Him)Talk, 45 minutes / Track 3 / 14.00DevSecOps Architect at Adarga
|
||
Policy as code - why you should, how you canAll organizations have policies. Policies are essential to the long-term success of organizations because they encode important knowledge about how to comply with legal or security requirements, work within technical constraints, avoid repeating mistakes, and so on. And more and more these days, organizations are codifying all of their infrastructure. The mantra “everything as code”. So why would you leave your policies languishing on a wiki page or in a word document? This talk will take a look at Open Policy Agent - a toolset for writing policies in code that’s being incubated by CNCF, and is already integrated into a number of different areas. It will focus on using OPA-based tooling to check conformity of configuration files. As we move to a world where all of our infrastructure is defined declaratively and applied automatically, whilst development, security and operational roles are merged, the ability to enforce policy becomes more important. We’ll also look at some of the other benefits of this approach, such as the ability to write unit tests for your policies. Session takeaways
BioOlly started his career as an EDA software engineer, writing RTL and gate-level simulators, then joined ARM in 1999 to focus on engineering productivity. Whilst there he was responsible for the overall architecture of their engineering platform, as well as leading exploration into future innovations/evolutions such as cloud-based engineering, big data workflows, and infrastructure as code. Olly joined Adarga in December 2018, to lead the devsecops practice and continue his work on robust cloud-native high performant architectures. He has particular interest in all forms of workflow orchestration, as well as a general interest in data-driven story telling. | |||
|
Tom Mason (He/Him)Talk, 45 minutes / Track 3 / 14.45Director of Programming (CTO) at Nexus Mods
|
||
Securing docker containersContainerisation, particularly docker has gained massive traction over the last few years - over 40% of large production deployments are using docker, and over half of those are using orchestration. Containerisation in production offers many benefits - speedy deployments, easy rollbacks, great compatibility, maintainability and good integration with testing and deployment tools but security is often an afterthought. In this talk we’ll go through some methods to reduce your exposure to security issues running containers in production. | |||
15.30 Break
|
Matthew Huxtable (He/Him)Talk, 45 minutes / Track 3 / 16.00Site Reliability Engineer at Sparx
|
||
The forgotten musketeer - availability is a security concern too!In today’s digital world, data is the new currency. We invest significant effort in safeguarding and protecting our customers’ data, yet all too often fail to fully consider the other fundamental pillar of information security: availability. The uptime of our systems is no longer the sole remit of engineers; organisations add value through the provision of always-on technology platforms, and rapidly fall into obsolescence when such systems are unavailable. Risks to our system availability abound throughout the development lifecycle, and often originate from unexpected sources. We protect against malicious third-party actors despite the significant risk associated with increasingly sophisticated software systems to which our developers deploy changes multiple times per day. Originally pioneered at Google, Site Reliability Engineering is the discipline which automates processes and builds systems to ensure a pragmatic approach to this risk in the development cycle. We know systems fail in spite of human effort, not because of it, so we continually optimise and refine the boring parts to promote a pragmatic approach to risk throughout the development cycle. In this talk, I will share my experience implementing SRE in a small organisation to promote availability, discuss the theoretical properties of reliability engineering, and provide practical guidance on building systems which cope well with continual change. Session takeaways
| |||