Scaling Security at Atlassian - Ashley Blackmore
DESCRIPTION
With any QA or security team, it's important to utilize your resources as much as you can since testing every piece of a large codebase is a huge task. Join Ashley's session to discover how Atlassian uses automation to focus on our team's specific threat models, and do more with less.
TRANSCRIPT
![Page 1: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/1.jpg)
#atlassian
![Page 2: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/2.jpg)
ASHLEY BLACKMORE • SECURITY ENGINEER • ATLASSIAN • @BlackmoreAshley
Application Security at Atlassian
Secure Code Across Massive Teams
![Page 3: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/3.jpg)
About Me
• Studied Electrical Engineering
• Interests: database algorithms, data analysis
• Engineer, on Atlassian AppSec Team for ~18 months
![Page 4: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/4.jpg)
About This Talk
• Being a Friendly Neighbourhood Security Engineer
• Many Robots: Herding Automatons and Mechanical Turks
![Page 5: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/5.jpg)
Being a Friendly Neighbourhood
Security Engineer
![Page 6: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/6.jpg)
BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER
Wargames, Pwnys and Pavlovian Conditioning
![Page 7: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/7.jpg)
...great code is also secure code
![Page 8: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/8.jpg)
BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER
Wargames, Pwnys and Pavlovian Conditioning
![Page 9: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/9.jpg)
BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER
Wargames, Pwnys and Pavlovian Conditioning
![Page 10: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/10.jpg)
BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER
Security in The Atlassian Dev Pipeline
![Page 11: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/11.jpg)
BEING A FRIENDLY NEIGHBOURHOOD SECURITY ENGINEER
Security in The Atlassian Dev Pipeline
![Page 12: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/12.jpg)
Many Robots: Herding Automatons
and Mechanical Turks
![Page 13: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/13.jpg)
HERDING MANY ROBOTS
Bespoke Automation: The Balance of Commercial and Custom Tooling
![Page 14: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/14.jpg)
HERDING MANY ROBOTS
Drinketh not of the firehose
![Page 15: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/15.jpg)
...don't just build ways to keep yourself busy
![Page 16: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/16.jpg)
"No security alerts shown to
developers should ever be false positives."
![Page 17: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/17.jpg)
Inline Education
HERDING MANY ROBOTS
![Page 18: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/18.jpg)
Developer-Security Feedback Loop
HERDING MANY ROBOTS
![Page 19: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/19.jpg)
The Future of Atlassian Security Automation:
Lighthouse
![Page 20: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/20.jpg)
Lighthouse: Plan Creation
BUILD YOUR OWN AUTOMATION!
![Page 21: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/21.jpg)
Lighthouse: Results
BUILD YOUR OWN AUTOMATION!
![Page 22: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/22.jpg)
Key takeaways: #atlassian
• Make sure your Engineers know that great code is also secure code
• Reward your Engineers for being great
• Use automation, but always keep the SNR high
![Page 23: Scaling Security at Atlassian - Ashley Blackmore](https://reader034.vdocuments.mx/reader034/viewer/2022042422/547c31585906b577798b46c2/html5/thumbnails/23.jpg)
Thank you!
ASHLEY BLACKMORE • SECURITY ENGINEER • ATLASSIAN • @BlackmoreAshley