![Page 1: From Zero to Hero: Building security from scratch...2018/08/30 · “From ZERO to HERO” Building security from scratch Application Security Engineer - Logitech @AnGreagach Who](https://reader034.vdocument.in/reader034/viewer/2022050109/5f474159e1825750721c08be/html5/thumbnails/1.jpg)
Anthi Gilligan
“From ZERO to HERO” Building security from scratch
Application Security Engineer - Logitech
@AnGreagach
Who I am and what I do
The state of Infosec
The “experts”
Pitfall #1
Pitfall #2
Pitfall #3
Pitfall #4
ENCRYPT OR DIE!!!!!
Policies, standards and tech specs
Security Architecture
Security Architecture
Agree principles and objectives scope first…
Security Architecture
Business Requirements
Enterprise Architecture
• Goals
• Rules
• Requirements
Security Architecture
• Laws and regulations
• Standards
• ISMS
Ask the business+Ask the World!
Ask the business
Some principles of Security Architecture
Security and privacy by design
Security controls appropriate to risk
Defence in depth
Audit significant activities
Ensure accountability
Identify the weakest link
By invitation only
Design using security standards
Least Privilege
Secure SDLC
Some (more) principles of Security Architecture
Simplify and standardise
Mutual authentication
Fidelity of environments
Remote log file collection
E2E technology lifecycle
Inbound interactive connections
Don’t trust… prove!
Inbound interactive high-risk users
Protect the data
Secure recovery
YOU!
Question Time!
Coffee = 1 question
Beer = 2 questions
Gin = Let’s talk at the bar ☺
@AnGreagach