A few weeks ago, I spoke with the Ruby users’ group in Nashville, TN, about the importance of understanding the root cause of data breach security incidents and countermeasures that developers can put in place to help prevent them. It’s up on YouTube for your enjoyment at Understanding & Defending Against Data Breaches, as a Practicing Software Developer - Nash.rb.
Security incidents that lead to customer data breaches have been happening at an increasing rate, from the latest Anthem Blue Cross breach, to Target, to Home Depot, to the MongoHQ incident that led to the BufferApp compromise. Most of these incidents are preventable; some would have been stopped simply by requiring two-factor authentication for staff member access.
I received the e-mail from Blue Cross that my personal information may have been breached just before taking the stage to give the talk. I hope that my subsequent rant makes for good video.
The slides are up on my Speaker Deck.
This resource for finding out about specific state laws on data breaches is worth bookmarking for future use.
Finally, some may wonder why I am so intent on presenting about security to developers, many of whom do not normally deal with security issues. It’s because developers are precisely the people who have a chance at making a computer system more secure in the first place. The feedback seems to indicate that many developers are interested!
awesome talk on security by @frankrietta 2nite at @nashrb. I am sufficiently scared & motivated at the same time. #datasecurity — Brad Hubbard (@BradHubbard) February 6, 2015
New term coined tonight at @nashrb by @frankrietta: "abuse stories" — ajgilbert (@ajgilbert) February 6, 2015
@frankrietta great stuff tonight. Looking forward to hearing more about it. Thanks! — Craig Israel (@craig_is_real) February 6, 2015
Great presentation by @frankrietta on Security against data breaches at @nashrb. Thanks! — Cory Martin (@murribu) February 6, 2015
@CodingItWrong @frankrietta definitely give us your feedback on the talk once you’ve had a chance to hear it. it won’t be the last revision. — David Brandon Dees (@brandondees) February 16, 2015
Building applications without careful consideration of a defense-in-depth strategy, guided by a written information security policy, is simply not effective. Network security alone is not enough. To build an effective security system, these concerns must be part of the design and development processes for web applications and Internet-connected systems.