October Meetup

We're back, on Tuesday 17th October, at Sage Bristol (near Queen Square).

Chris Goff will talk about "Secure by Design and by Default", and Daniel Billing has a talk on "Exploring Security".

---

Secure by Design and by Default

Secure by design is not a new concept. But is it typically done well? What does it mean? To what extent should software producers be required to understand how their products could present security threats to their customers, and how should they mitigate them?
We’ll briefly explore this topic, have a discussion about what we think as cyber professionals and engineers, and have a brief look at how we could embed secure design thinking into our daily practices.

Chris has over 18 years of experience in technology careers. Having completed a web application development degree at Bournemouth, Chris has worked for various sizes of business, from a small software start up, to CIO for the UK’s largest independent foster care agency, to working for a Big 4 consulting firm as a cybersecurity consultant. Chris is a security generalist who thrives acting as the interface between security and technology teams and the wider business. He now works for Sage, a FTSE 100 software company, as part of the security leadership team. Outside of work, Chris is a husband and father of two girls, enjoys hiking, camping, wine and folk music.

---

Exploring Security

Security is a vital aspect of software development and quality. Without it, we compromise the confidentiality of data, both corporate and personal, the integrity and the availability of our products and services.

Unfortunately, it is a challenge that is not fully understood, or executed on. Software engineers and leaders need to understand the risks and threats to their customers and deliverables. Sometimes these risks are deferred to tooling, consultants and internal security teams. This is often a great way of working for some organizations, but it ignores the fact that engineers need to be able to identify, fix and communicate the security risks to their products.

Key takeaways:

• Understand the key security risks, threats and vulnerabilities to the services that they work on.
• Understand that security is a whole team problem, which requires thought, planning and honest commitment to take on the challenge.
• Begin to be able to explore security using a variety of methods, techniques and skills

Dan has been working in software testing and quality for over 20 years, in a variety of private and public sector organisations. Over the last 10 years or so he has discovered a passion for security testing and including and encouraging engineering teams to incorporate security processes and skills in their day to day work. Dan has also been a public speaker at a variety of tech and testing conferences across the Europe and the rest of the world. He has been passionately driving interest and skilling up of testers in the security space. Dan currently works at Microsoft Azure for Operators, since 2020. He lives in Bristol, with his family and dog Milo. He can often be found walking Milo around Hanham Common.