TechEd 2014: Security should be a constant for developers

Laura Bell, director and lead consultant at Safestack.io, encouraged developers to think like bad people to make organisations more secure.

Bad things can be done for good, and all good developers should learn to be bad people too.

“Security fails when it is special, when it is not integrated into your life. Make continuous noise and it should be constant. Figure out how to break things. Don’t preclude threats; anybody can commit crime, across all ages and abilities. Know where your organisation’s bodies are buried and bring it into everything you do today,” said Laura Bell, director and lead consultant at Safestack.io.

According to Bell, “Good and bad are problematic words and we need to start separating actions from intentions. Embracing bad behaviour can be challenging but you can avoid common pitfalls and get some good out of it.”

She was speaking at Microsoft's TechEd 2014 about how security should become a constant part of the thinking process for developers and engineers, and how they should try to break into their organisation’s solution sets as part of such thinking.

“Before I can tell you how you can do it, I should tell you how not to do it. Don’t go at it without having clear aims, and remember, not all attacks need to be sophisticated and elegant. Don’t romanticise; understand that real crime has real repercussions.

“Don’t make it into a puzzle. You only want to get from A to B in the shortest possible time. And there is always more than one way to do that. Be careful when reporting faults; no one likes to be blamed. Also, just trying to break into your organisation does not make you any less a moral person,” she said.

She then proceeded to take the developers in the audience through some guiding points that they could keep in mind when they try to be bad people.

“Be objective and keep your eyes on the prize. It is rarely about the technology, so don’t get distracted by the layers that an organisation has. Learn to see the things that you did not see before. Notice the unprotected network ports in the boardroom that anyone can clip something to and nobody would notice. See the things that you have been walking past every day.

“And think like a villain. Remember, you are not paranoid, they are really out there to get you,” said Bell.

She stated that developers should create a safe place to create chaos in, where the bad stuff can be done. Practice has to be done on something that is just like the production environment, or done on the production environment in a scheduled manner.

“Don’t surprise your organisation. Create a space for destruction to happen. Monitor things and stop guilting people when they break things. Reward the breakers and those who point out vulnerabilities. But reward the fixers a little bit more. And when you do this, do it like you mean it, like hundreds of hours have not been spent developing those systems or there is no love behind it. Hackers won’t see all that, and neither should you when you set out to do this,” said Bell.

She encouraged developers to make time for play and break bad for life, not just at one instant.

Bell was presenting on the final day of the four-day Microsoft TechEd conference that took place in Auckland this week. More than 2000 IT tinkerers, developers, vendors and partners gathered at the annual event to discuss the latest in the company’s technologies and solutions.
