Hello everyone,

I've just returned from an amazing week at the last Kiwicon security conference in Wellington, New Zealand. 

In the coming days i'm going to be posting up two different blog posts, one around the training I attended and another for the conference talks and event itself. 

I was most fortunate to attend the 'Security on a shoestring' day of training presented by the CEO of Safestack Laura Bell (Twitter @Lady_nerd) . Laura gave us an excellent day going over  the security team basics we need to be thinking about. The training gracefully adjusted to meet the needs of our diverse audience and spoke to those in small agile start ups to some of the bigger enterprises equally. Its was outstanding value and fun. 

Im writing up my take aways as a new security professional and the fairly extensive to do list I built while taking notes on the course.

The Kiwicon conference itself has been an integral part of my professional development and put me in touch with some of the greatest people in our industry over the last 10 years i've been to 8 of the 10 total and its always and intense two days of hacking and defending talks from the best in security from New Zealand and abroad. 

Im still really distilling all the learnings, I took away an enormous amount from the conference but the key talks for (and the main body of content of my next post) were:

  • Darren Bilby from Google security on failed security initiatives and the some of the alternative strategies they have employed to defend effectively.
  • Eleanor Saitta from Etsy securty gave a great security culture talk which spoke in detail about the need to understand be connected with the users you serve so you can best help them be safe but not roadblock or make their lives worse by saying no. 
  • Finally the AWS hacking end to end talk by Daniel Grzelak the security intelligence manager at Atlassian. Some of the attacks presented were simple and truly frightening. Its a call to really consider how effectively you are monitoring your AWS environment for changes.

While I do enjoy the technical talks focused on breaking and attacking immensely my passions in security really are in defending and building a great security team that helps spread a great company security culture. I think that'll be not only the focus of the next two posting but all postings. 

If that sounds like you ... stay tuned! I'll have something up in the coming week. Until then .. were you at the conference? Keen to chat and hear your experiences ... hit me up on twitter at @SparkleOps