Snakeoil AcademySpeak at PyCon AU 2021

Security Architecture from Ancient Times

Liam O

he/him

Liam is a former developer turned pentester. His passion is not just breaking systems, but providing empathetic and actionable advice on how they can be improved. Liam is Director of Consulting at Assurance and is a duck enthusiast _o<

Security Architecture from Ancient Times

We’re all building castles, but how well will they stand up under siege?

Assembling individual controls into a unified, secure architecture can seem daunting, but doesn’t have to be.

Infosec folks like to go on about Threat Modelling and Risk Assessment, but these count for nothing unless their outcome is an actually secure system design. In a world where budgets are constrained by time and resources, we can only implement a limited subset of possible security controls when building systems.

Using various historical fortifications as easy to understand real-world examples, this talk will show you how you can assemble security controls using a simple framework and criteria. This framework can be applied by anyone who designs, builds, evaluates, or attacks systems on any scale, from individual software components to enterprise architecture.

This framework will be illustrated by applying it to a simple example Django web application.

Conference schedule listing