Lost Summer - Halfway Update
We have reached the halfway mark in the Lost Summer project: two weeks down, two more to go!
A highlight of this week was the kick-off of several practical projects. The idea of including practical projects is to stretch technical skills and round out soft skills. Our participants are working closely with experienced security professionals, and hopefully learning some of the business context behind technical tasks.
In total we have 6 projects running, involving 29 participants:
Basic malware analysis techniques, with Ronan Donohue of Broadcom
Securing AWS infrastructure, with Niall McGrath of Docusign
DevSecOps: building the CI/CD and SDLC pipeline for a mobile app, jointly led by Liban Mohamud of Verizon Connect and Kevin Cornally of JPMorgan
Writing a 3rd party suppliers guide for the protection of a company's data, with Don Reynolds of CRH
Analysing alerts from an SIEM system to detect security threats, jointly led by Vasudha Krishnamurthy of Accenture and Arjun Parankusha of Arkphire
Documenting a threat model for a fictional organisation facing acute risks, which is a group effort: myself, Don Edwards, Don Reynolds, and Jonathan Trayers.
As well as kicking off these projects, our volunteers continue to deliver fantastic presentations and discussions around the most important topics for early-career security professionals.
In addition to the volunteers highlighted in week 1, we heard 13 new voices this week:
Andy Whelan of Coinbase, Andy Harbison of Grant Thornton, and Liam Varley of HPE, who delivered a fantastic panel discussion on burnout, with lots of practical advice for those starting out in security.
Joanne O’Connor of HPE and Louise O’Hagan of Cyber Safe Ireland (who is very consciously not on LinkedIn!), who gave a very popular talk on security awareness and employee education as a part of security.
Will O’Brien of PwC and Michael Whelan (in a personal capacity), who outlined how to communicate security in business terms, both in normal operations and during security incidents.
Eoin Fleming of Leveris and Rudolf Vesely of GTL, whose very polished presentation covered infrastructure security, particularly how that area has changed over time and where it stands today.
Vasudha Krishnamurthy of Accenture and Arjun Parankusha of Arkphire, who discussed security alert handling, SIEM systems, and the work of Security Operations Centres (SOCs) - nicely teeing up their project on the same topic!
Debra Okwuzi of Dropbox, who spoke about vulnerability management as a foundation of good security, with a lot of really useful business context included (and a fantastic example of how to deliver a security talk).
Niall McGrath (in a personal capacity), who shared his experience securing infrastructure on AWS, with some great examples and practical tips.
One further highlight: we’re discovering networking opportunities for volunteers as well as participants. Several of our volunteers had never met before this programme, but are now jointly running projects or delivering panel sessions together.