Atlassian Admin's Guide: Securing Your System from Jira to Defense
Details
Unlock expert tips for administering your Atlassian apps and scaling your System of Work. This deck delivers best practices, live demos of Atlassian Administration, and direct Q&A with product experts; everything org admins need to manage and optimize their Atlassian environment.
Jira instance is more than a project tracker, it's a high-value target. Every automation rule, attachment, and API token is a potential entry point for an attacker, while misconfigured permissions in Confluence can expose your core intellectual property. We often bolt security onto our DevOps toolchain as an afterthought, turning Atlassian's powerful ecosystem into a sprawling, unmonitored attack surface that keeps engineers and CISOs alike awake at night.
In this session, We will bridge the gap between red-team offense and governance compliance right inside your Atlassian stack. Drawing from experience building ethical hacking tools like the DRACULAR framework and contributing to national digital policy, We will demonstrate practical attacks on common misconfigurations before pivoting to a defender's blueprint. You will leave with actionable strategies to leverage Atlassian Access for Zero-Trust, transform Audit Logs into a forensic tool, and embed security into the DNA of your Jira workflows and Bitbucket pipelines, turning your greatest productivity tools into pillars of your cyber resilience.
Key takeaways
Understand your attack surface: How automation rules, API tokens, marketplace apps, and misconfigured permissions in Jira and Confluence become high-value targets for attackers.
See offense in action: Live-style walkthroughs of common misconfigurations and how red-teamers pivot across projects, spaces, and repositories inside Atlassian tools.
Blueprint for Zero-Trust with Atlassian Access: Concrete patterns for enforcing strong identity, SSO, MFA, SCIM, and least-privilege across users, groups, and external collaborators.
Operationalize audit & observability: How to turn Atlassian audit logs, security alerts, and integrations into a forensic and monitoring layer instead of a compliance checkbox.
Embed security into workflows and pipelines: Practical ways to bake checks into Jira workflows, approval paths, and Bitbucket pipelines so security becomes an inherent part of delivery, not an afterthought.
Agenda
5:00 PM – 5:15 PM | Check-In & Icebreaker
Welcome first-time attendees and quick intro to Atlassian Community Nairobi.
Icebreaker
5:15 PM – 6:10 PM | Atlassian Admin's Guide to Scaling Your System of Work – Presented by Michael Kimathi
Admin observability: using logs, reports, and admin insights to see how work really flows.
Hygiene and lifecycle: archiving projects, cleaning fields, taming configs, and keeping your instance healthy.
Preparing for the next stage: what to fix now before doubling teams, regions, or products.
6:10 PM – 7:00 PM | From Offense to Defense: Zero-Trust with Atlassian Access – Presented by Danfold Mosongo
Identity & Access: Using Atlassian Access for SSO, MFA, SCIM, and least-privilege at scale.
Governance in Practice: Designing group structures, org policies, and external collaborator controls that actually hold.
Audit & Detection: Turning Audit Logs into a forensic tool instead of a compliance checkbox.
7:00 PM – 7:20 PM | Knowledge Check, Q&A & Community Share-Out
Rapid-fire knowledge check: Scenario-based questions on misconfigurations and fixes.
Open Q&A: Attendee questions on specific setups, compliance needs, and tooling.
7:25 PM – 8:00 PM | Closing, Networking
Closing remarks and key takeaways recap.
Networking with peers, security and platform leaders, and Atlassian Community members.
Target Audience
Engineering leaders,
Jira/Confluence admins,
DevOps and platform teams.
Security engineers, risk and compliance leaders
CISOs using Atlassian tools in high-growth or regulated environments.
We have over 6,000+ members and we meet regularly to encourage better use of Atlassian tools among current or prospective users. Our events typically offer several team talks, hands-on workshops, Hackathon, free food/drink, and networking opportunities with 75-200 attendees.
Like an attendee at one of our events, you can expect to:
Share and learn Atlassian product knowledge, best practices, and case studies.
Provide valuable user input to Atlassian so that they can keep making great products for us to use.
Network and build a support system with fellow Atlassian product users.
Atlassian Community Nairobi is an award-winning community:
SET THE STANDARD 2022
SET THE STANDARD 2018
MOST ACTIVE in EMEA 2017
Global MASTER OF CONVERSION WINNER 2017
HELP US PLAN OUR NEXT EVENT
Do you want to suggest a topic for us to focus on?
Do you have a presentation proposal?
Does your company want to host an event?
Does your company want to sponsor an event?
Check out our community on our socials:
Subscribe on Youtube: https://www.youtube.com/@acnairobi
Follow on LinkedIn (Ecosystem updates): https://www.linkedin.com/company/69674377/
Follow on Twitter: https://twitter.com/ACNairobi
Like on Facebook (Photos): https://web.facebook.com/ACNairobi/
Follow us on Instagram: https://www.instagram.com/acenairobi/
Contact the Community with your suggestions.
Thank you!
Agenda
---
Speakers
Danfold Mosongo - TECH PATHS (CYBER SECURITY ENGINEER | TECH POLICY & DIGITAL GOVERNANCE STATESMAN)
I am a Cybersecurity Engineer and digital governance expert who bridges the gap between technical security and practical policy. I architect secure systems and contributes to national digital policy in Kenya, working with entities like the Ministry of ICT and the NCIC. As the founder of TECH.PATHS and a builder of red-team tools like the DRACULAR framework, i am passionate about translating co…
Michael Kimathi - Impact Masters & Africa's Talking (Consulting Entrepreneur & Head of Developer Community)
Award winning Developer and Tech Ecosystem Builder. He connects people to solutions that empower them to realize their highest potential and as a result, this has produced professionals and scalable businesses. In his free time, you will find him leading the developer community. His name is Michael Kimathi and this is his life purpose. Entrepreneur in Music and Technology. Driven by the purpos…
Moderator
Michael Kimathi - Impact Masters & Africa's Talking (Consulting Entrepreneur & Head of Developer Community)
Award winning Developer and Tech Ecosystem Builder. He connects people to solutions that empower them to realize their highest potential and as a result, this has produced professionals and scalable businesses. In his free time, you will find him leading the developer community. His name is Michael Kimathi and this is his life purpose. Entrepreneur in Music and Technology. Driven by the purpos…
Hosted By
Michael Kimathi, Atlassian Community Leader
Computer Scientist| Entrepreneur| Pro DJ (Consulting Entrepreneur in Technology and Entertainment). Developer Community Expert.
---
Global Partner
Atlassian (http://atlassian.com)
Millions of users globally rely on Atlassian products every day for improving software development, project management, collaboration, and code quality.
Partners
Impact Masters (https://impactmasters.io)
Disrupting Status Quo.
Africa's Talking (https://africastalking.com/)
Powering Communications Solutions Across Africa, With simplified access to telco infrastructure, developers use our powerful SMS, USSD, Voice, Airtime and Payments APIs to bring their ideas to life, as they build and sustain scalable businesses.
---
For over a decade, Atlassian customers have come together to network, share ideas, solve problems, and find new ways to use Atlassian products. Today, more than 15,000 people take part in Atlassian community events in more than 30 countries.
Complete your event RSVP here: https://ace.atlassian.com/events/details/atlassian-nairobi-presents-atlassian-admins-guide-securing-your-system-from-jira-to-defense/.