“Security patching system packages is fun!” said no-one ever

20 Oct 2016
11:20 - 11:50
Ctrl Room

Proactively security patching system packages often feels more like an arcane ritual to satisfy the script kiddie gods than it does engineering. In part, this is because of a feedback loop that’s more of a feedback line… Post-completion, you’re safe in the knowledge that you still haven’t been hacked, as far as you’re aware. Probably.

But it’s still important – if your OS vendor has gotten round to announcing vulnerabilities and fixing them for you, then those announcements have landed in everyone else’s inbox too!

This talk will address some of the problems inherent in defensive infrastructure security. It will give examples of how to change the problem space in order to motivate engineers toward being proactive in a field that is “everyone’s responsibility”. Hopefully this will give some insight into how you can leverage technology and pragmatism to instigate change in your security culture. By reducing the pain and uncertainty of taking action, you can make infrastructure security more rewarding and more effective as a result!