Security dashboard from 0 to hero

Christian Martorella - Product Security Engineering Lead
20 Oct 2017
10:25 - 12:25
CMD room

In this workshop I will show how to build a vulnerability management security dashboard with metrics that let you track the progress of your teams and share it with the rest of the company in order to support decision making.
The dashboard will provide visibility into areas where people were previously blind and unable to give answers to the business. The workshop will focus on using IPython notebooks, Pandas and Matplotlib.
The workshop will first cover how to prepare your environment so that the automation works independently of the ticketing system you use (Jira, Visual Studio Online, etc.). We are going to define a vulnerability category and source system based on labels/tags, and agree on other areas such as risk level. Once we show how to get the raw data, we will start leveraging the power of IPython, Pandas and Matplotlib to create metrics and start making sense of the data we have.
We are going to create stats and metrics like: average time to fix a bug, average lifetime of a bug, vulnerability distribution per category, overdue items based on SLA, top teams with vulnerabilities, fastest/slowest teams to fix issues, distribution of vulnerabilities per team, and many more. Finally, we are going to show how we can create some benchmarks against the industry.
You are going to go from zero, or from limited data due to the tooling you have, to a hero of dashboards and data-driven decision making.
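
To make the label-based scheme and the metrics listed above concrete, here is an added example that is not taken from the workshop or its repository. It uses only the Python standard library rather than Pandas so it runs anywhere; the `cat:`/`src:`/`risk:` label prefixes, the SLA values and the ticket data are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date
from statistics import mean

# Assumed SLA in days per risk level (hypothetical values, not from the workshop).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed sample export: (key, team, labels, created, resolved or None).
TICKETS = [
    ("SEC-1", "payments", ["cat:xss", "src:pentest", "risk:high"], date(2017, 1, 10), date(2017, 1, 30)),
    ("SEC-2", "payments", ["cat:sqli", "src:bugbounty", "risk:critical"], date(2017, 2, 1), date(2017, 2, 5)),
    ("SEC-3", "mobile", ["cat:xss", "src:scanner", "risk:medium"], date(2017, 3, 1), date(2017, 6, 9)),
    ("SEC-4", "mobile", ["cat:auth", "src:pentest", "risk:high"], date(2017, 8, 1), None),
    ("SEC-5", "search", ["cat:xss", "src:scanner", "risk:low"], date(2017, 9, 20), None),
    ("SEC-6", "search", ["security"], date(2017, 9, 1), date(2017, 9, 11)),
]

def parse_labels(labels):
    """Turn ['cat:xss', 'risk:high'] into {'cat': 'xss', 'risk': 'high'}; skip untagged labels."""
    return dict(label.split(":", 1) for label in labels if ":" in label)

def build_metrics(tickets, today):
    fix_days, per_team, categories, overdue = [], defaultdict(list), Counter(), []
    for key, team, labels, created, resolved in tickets:
        tags = parse_labels(labels)
        categories[tags.get("cat", "uncategorised")] += 1
        if resolved:
            days = (resolved - created).days
            fix_days.append(days)
            per_team[team].append(days)
        else:
            # Open ticket: overdue when its age exceeds the SLA for its risk level.
            sla = SLA_DAYS.get(tags.get("risk"))
            if sla is not None and (today - created).days > sla:
                overdue.append(key)
    team_avg = {team: mean(days) for team, days in per_team.items()}
    return {
        "mean_days_to_fix": mean(fix_days) if fix_days else None,
        "by_category": dict(categories),
        "overdue": overdue,
        "fastest_team": min(team_avg, key=team_avg.get) if team_avg else None,
        "slowest_team": max(team_avg, key=team_avg.get) if team_avg else None,
    }

if __name__ == "__main__":
    for name, value in build_metrics(TICKETS, date(2017, 10, 20)).items():
        print(f"{name}: {value}")
```

Tickets without a `cat:` label land in `uncategorised`, which is itself a useful number to track while teams adopt the tagging scheme.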

If you want to get ahead for tomorrow's workshop, you can clone this repo and follow the instructions:
https://github.com/laramies/devseccon2017