Documentation Powered Security Talk
Public tracking issue for my TODOs in preparing "Documentation Powered Security" for CHCon
Details
- Slides: https://docs.google.com/presentation/d/1dxY7jJhlS4lE2aCggK8aD-YwuCsbqNiIB5ODwzYehuU/edit?usp=sharing
- Abstract: https://2022.chcon.nz/speakers/nick/
- Time: 1705 Friday, 25th November (NZDT). Just before dinner on Day 1
- Watch: https://www.youtube.com/watch?v=XAXXyW0HH3k&t=4916s
Documentation is often either put in the too hard basket, or created once and put on the shelf to gather dust, unused. What would it be like to work in a place where security is powered in large part by documentation and runbooks? Where security is founded on and improved by documentation? And how could you improve your own workplace with better docs?
Come and hear some real examples and practical tips as Nick from GitLab shares what makes an effective runbook, how collaboration keeps them fresh & accurate, and how great docs set you up for security automation. It’s not rocket science, but by seeing how it works in practice you’ll hopefully be inspired to get that keyboard clacking to power improved security.
TODOs
-
Draft -
Practice talk with another speaker (thanks Jeremy!) -
Refine -
Practice talk again -
Share -
Make slides public: https://docs.google.com/presentation/d/1dxY7jJhlS4lE2aCggK8aD-YwuCsbqNiIB5ODwzYehuU/edit?usp=sharing -
Create static page onthis issue is fine?nick.malcolm.net.nz
with resources:🤷 -
Ask CHCon crew to update page with link to ☝
-
-
Panik -
Do the talk -
(Maybe) turn it into a GitLab blog post -
Before the talk itself?Too tight a turnaround. -
After the talk? -
After the video is uploaded?
-
Resources
- Handbook:
- The GitLab Handbook: https://about.gitlab.com/handbook
- "The importance of a handbook-first approach to documentation" https://about.gitlab.com/company/culture/all-remote/handbook-first-documentation/
- AppSec
- SIRT
- Security Incident Response Team (SIRT) policy: https://about.gitlab.com/handbook/security/security-operations/sirt/sec-incident-response.html
- Team-member-friendly Security page: https://about.gitlab.com/handbook/security/#contact-gitlab-security
- Misc.