SANS Cyber Defence Australia 2023 Community Night - July 6

Presentation 1 - DevSecOps - We Are The Champions and 2023

Chris Edmundson, Associate Instructor

Please join us for some fun at an interactive session about the key benefits to building security champions across your development, security, and operations teams (DevSecOps). In this session, we’ll discuss how to build out your security champions with methods, key performance indicators, and a framework to help you bridge the gaps across DevSecOps - enhancing security within your CI/CD pipeline with a special focus on the cloud as our platform. The discussion will be both from a technical and business perspective so please come prepared to be engaged, enthusiastic, and energetic as we’ll play the game to bring out the security champions from within us and our organisation!

Presentation 2 - 2023 SOC Survey - Highlights and Deep Drive presented

Christopher Crowley, Senior Instructor

In its 7th year, the SOC Survey continues to be a valuable source of peer comparison.

Crowley will review key findings from this year's survey: SOC capabilities, funding, staffing, and challenges. He'll discuss how SOCs use Threat Intelligence, and what technology gets good grades, and which seem to be failing to fulfill their promise. After about 30 minutes of executive summary style review of findings, he'll delve into details using the public release data from the survey responses. This includes a quick fundamentals review of the setup for jupyter notebook, pandas, and seaborn. Then using this environment he'll discuss analysis considerations starting from data cleaning issues and moving into more advanced analysis. He'll also provide instructions and code samples that would allow attendees to answer their own questions from the released data. Attendees can download the python Jupyter notebook and data set to follow along during the presentation, or work on afterward. The release of the survey data started from a 2018 question, when one of the readers asked something to the effect, "I work at an enormous company, and I really only want to see what other enormous companies in the financial sector answered in the survey." At the time, Crowley did some additional analysis to help answer that question. But realised that many readers likely had their own variation on that question. This session gives you the headlines, but also the skills to get into the details if you choose. Or, you can come watch and laugh along with him as he typos his way through the python and pandas code.