Staying One Step Ahead In Security — SecVoyagers! :D
In a previous blog, I used the term affectionately passed on to me by a colleague: “You guys are making this sh*t up as you go along”.
Now there may be an element of truth in that, because we’re shaping our own path in Security at Skyscanner and we’re proud of what we’ve achieved and what we continue to achieve.
But in a similar vein to our Engineers (our “Code Voyagers”), we can’t stand still and admire our handiwork. (See Richard Lennox’s great blog re: theory of constraints here: http://codevoyagers.com/2015/12/04/what-worked-yesterday-is-painful-today-is-broken-tomorrow/?linkId=19298679)
So I thought I would explain how we try to stay ahead of the game.
The simple go-to resource for quick and tailored information to suit your need. We have specific Twitter accounts, following all manner of industry companies, people and resources. Generally, I hear about a hack or vulnerability on Twitter first. You can follow me if you so wish! (plug plug!) https://twitter.com/stuhirstinfosec
There are thousands of tech blogs out there. All manner of thought-leaders. Seek them out on LinkedIn or Medium. Check some of the best here: https://heimdalsecurity.com/blog/best-internet-security-blogs/
Do you use SlideShare? Fantastic resource for presentations across the industry. I recently downloaded and read all the security-related slides from the whole AWS re:Invent conference.
What about YouTube? There are talks, presentations, product reviews, training materials, you name it. Just don’t read the comments, or you’ll worry for the future of humanity! :D
We’ve started trying to dedicate one day a month each purely for training. Not external, paid training, but online free courses or seminars, or simply researching areas of interest. Not enough time is generally given to this, as we all fight the same fires day-to-day.
Try https://www.cybrary.it/ — free security courses, superb! We all love a freebie…
COMPETITORS / SIMILAR BUSINESSES
We look heavily to other internet businesses. What tools are they using? Would they work for us? What has made them the technology success they are and how are they scaling? What risks have they taken? What worked/didn’t work? Are they developing open-source material?
OTHER SECURITY PERSONNEL
There are some fundamental security leaders across the globe. The main players. But there are also some great security people in all manner of industries. Seek them out on LinkedIn/Twitter etc. They’re often found chatting about the very things we need to keep on top of.
I look to guys like Alex Stamos at Facebook, Rik Ferguson at Trend, Troy Hunt, Zane Lackey, Jason Chan at Netflix, Ben Hughes at Etsy.
Yes, they can be over-the-top in terms of sales. But many are excellent opportunities to network, chat to new vendors, listen to speakers. We picked a solution at Skyscanner this year based on extensive conversations at BlackHat. Use these events wisely and they can be very useful.