Speaker

Jonny Tyers

Pragmatic cloud security for tech businesses

Bristol, United Kingdom

As a former teenage hacker, Jonny has always had a keen interest in security. He's worked in software since the 2000s, as engineer, project lead, security architect and advisor to CISOs and CTOs.

He has worked with major UK brands including banking, e-commerce, internet-of-things, medical research and UK Defence. The data in his care has spanned from national secrets to the nation's payment plumbing and his clients' most sensitive intellectual property assets.

Jonny works with tech businesses who prize pragmatic security. A fan of keeping things "as simple as possible, but as complex as necessary," Jonny applies simplicity to all his work to aid teaching and communicating.

He's also no stranger to detail: he keeps his hands dirty with his own coding daily and can speak authoritatively on the technical nitty-gritty of security as well as the high-level business view.

Area of Expertise

  • Information & Communications Technology

Topics

  • Cloud Security
  • Cloud Security Architecture
  • AWS Security
  • AWS DevOps
  • Threat modeling
  • DevSecOps
  • DevOps
  • Cloud & DevOps
  • SecDevOps
  • Continuous compliance (DevSecOps perspective)

Zoom out: Holistic security while keeping up delivery

Security done right starts with business risk, assessing systems against business risks and then mitigating using security measures (technical or non-technical).

Yet with security teams stretched, developers focussed on delivering features fast, and no-one really getting information on business risks from above, how do we address the risks that matter without pushing out delivery dates?

In this session I'll show how to get ahead of the curve on security. I'll show our audience how to find risks and vulnerabilities in the code they write and the architectures they build.

I'll introduce threat modelling as a technique that can be used by anyone to find these, then show how a threat model empowers you to find the risks that matter most, and ignore the rest, all while providing the evidence you need for when others come asking.

And the best bit? Threat modelling is quick, easy to pick up, and provides lasting security benefits for your team and your systems. It's practical to introduce at any point in the lifecycle of a system and you can start small to dip your toe in the water.

At the end of this session the audience will have a reminder of the importance of security, they'll be equipped with a modern, flexible and simple method for finding and reducing security risks, and they'll know how they can get started.

This talk is not technical (though our demo and examples will include technical content) and focusses on how to tackle security while balancing the other needs of a typical development team. It's great for engineers and engineering team leads, but could give the greatest value to CTOs or other tech executives who are grappling with the challenge of security right now, particularly where their organisation does not have a security function, or their security function is not well aligned to modern development methods and tools.

The North Star: Risk-driven security

In this session I'll show how to get ahead of the curve on security. I'll show our audience how to find risks and vulnerabilities in the code they write and the architectures they build.

I'll introduce risk-first threat modelling, using business risk as the north star to drive out the threats that really matter.

The end result? A clear understanding of your most important weaknesses and where to focus on next, and a model that you can take to anyone in the business to get buy-in, funding, and support for your risk-reduction efforts.

Threat modelling is quick, easy to pick up, and provides lasting security benefits for your team and your systems, and is practical to introduce at any point in the lifecycle of a system.

At the end of this session the audience will be equipped with a modern, flexible and simple method for finding and reducing security risks, connected to the business and easily explainable to other teams, and they'll know how they can get started.
