Security: All for One

By Fawzy Manaa

Elevator Pitch

We all have a responsibility in securing our systems. While there are many advanced security practices and capabilities out there, sometimes the very basics are taken for granted. This talk brings to real life (via simple practices) what it means for security to be a shared responsibility.


Security is not just the responsibility of a centralized security team, a bunch of enterprise architects, or magical creatures living in an ivory tower, it’s your responsibility too! You may be a developer who writes code or an operator who manages and evolves infrastructure and delivery pipelines. This makes you your company’s first line of defence. We all hear about advanced capabilities like intrusion detection and fraud protection which sound futuristic and may need some specialization, but what about the basic things you can start doing today to make your product more secure? In this talk, the presenter will enumerate fundamental practices everyone should take personal ownership of applying including but not limited to handling secrets and keys and managing third party dependencies.


Through my consulting experience, I interact with a lot of developers and operators who are lost about what they can do today themselves on security vs. the need to wait for others to handle this on their behalf or even wait for company best practices/ policies to be issued before they start doing their part. Time and time again, I see some of the basics that we can all do missed… From what I’ve seen out there as common security gaps, I’d like to bring some of those to the surface with simple suggestions to allow everyone to do something about them - Fawzy Manaa