TechEd 2014: Security should be a constant for developers

Laura Bell, director and lead consultant at Safestack.io, encouraged developers to think like bad people to make organisations more secure.

Bad things can be done for good, and all good developers should learn to be bad people too.

“Security fails when it is special, when it is not integrated into your life. Make continuous noise and it should be constant. Figure out how to break things. Don’t preclude threats; anybody can commit crime, across all ages and abilities. Know where your organisation’s bodies are buried and bring it into everything you do today,” said Laura Bell, director and lead consultant at Safestack.io.

According to Bell, “Good and bad are problematic words and we need to start separating actions from intentions. Embracing bad behaviour can be challenging but you can avoid common pitfalls and get some good out of it.”

She was speaking at Microsoft's TechEd 2014 about how security should become a constant part of the thinking process for developers and engineers, and how they should try to break into their organisation’s solution sets as part of such thinking.

“Before I can tell you how you can do it, I should tell you how not to do it. Don’t go at it without having clear aims, and remember, not all attacks need to be sophisticated and elegant. Don’t romanticise; understand that real crime has real repercussions.

“Don’t make it into a puzzle. You only want to get from A to B in the shortest possible time. And there is always more than one way to do that. Be careful when reporting faults; no one likes to be blamed. Also, just trying to break into your organisation does not make you any less a moral person,” she said.

She then proceeded to take the developers in the audience through some guiding points that they could keep in mind when they try to be bad people.

“Be objective and keep your eyes on the prize. It is rarely about the technology, so don’t get distracted by the layers that an organisation has. Learn to see the things that you did not see before. Notice the unprotected network ports in the boardroom that anyone can clip something to and nobody would notice. See the things that you have been walking past every day.

“And think like a villain. Remember, you are not paranoid, they are really out there to get you,” said Bell.

She stated that developers should create a safe place to create chaos in, where the bad stuff can be done. Practice has to be done on something that is just like the production environment, or done on the production environment in a scheduled manner.

“Don’t surprise your organisation. Create a space for destruction to happen. Monitor things and stop guilting people when they break things. Reward the breakers and those who point out vulnerabilities. But reward the fixers a little bit more. And when you do this, do it like you mean it, like hundreds of hours have not been spent developing those systems or there is no love behind it. Hackers won’t see all that, and neither should you when you set out to do this,” said Bell.

She encouraged developers to make time for play and break bad for life, not just at one instant.

Bell was presenting on the final day of the four-day Microsoft TechEd conference that took place in Auckland this week. More than 2000 IT tinkerers, developers, vendors and partners gathered at the annual event to discuss the latest in the company’s technologies and solutions.
