Did you know that at Telstra we have one of the largest teams of cyber security professionals in Australia?
We have more than 500 people working to fiercely protect the data of our customers and organisation. These people protect our extensive network by preventing issues and solving problems when they arise.
That’s why it’s important for us to keep up to date with information security trends to make sure we’re ahead of the curve. One way we do this is by attending industry events, which some of our team recently did when they went along to the OWASP AppSec Day 2018 – Australia’s only conference dedicated to application security.
So what insights did our people get? Here are the top three things:
Security + DevOps = DevSecOps
Yaso Addanki, Senior Security Architect
Increasingly, people are learning that cyber security is something they need to consider in their work. Take DevOps for example, Yaso describes how this area of work is increasingly asking how it can be more secure.
“A significant trend at the conference was the focus on cyber security in the DevOps world and the importance of the need to embed security in the CI / CD (Continuous Integration/Continuous Delivery) pipelines,” she said.
“The security challenges with Docker containers and agile methodology, and how iterative threat models can be used to combat some of the challenges that come with them, was also a major topic.
“Telstra is working proactively here – we’re incorporating DevSecOps practices into development communities across the organisation”
Code needs to be secured as quickly as it’s written
Stefan Gigliotti, Enhanced Services Trainee, Secure Code
As more and more solutions are being made digitally, cyber security principles need to be applied throughout a project’s life-cycle. Stefan learned other teams are beginning to ask questions about security and data protection which is a very promising sign.
“As a whole, I saw a big emphasis on DevSecOps – enabling organisations to deploy code quickly, and securely in an iterative manner,” he said.
“Telstra’s Cyber Security team is already following this trend, with the recent introduction of a team in Cyber Security called “DevOps Security”, which is focused on how we can deliver security services and capability to DevOps teams.
“One initiative we’ve introduced is the concept of training a ‘security champion’ embedded in each feature team, allowing security to be a shared responsibility.”
“What I learnt was very helpful to my career because I am new to the Secure Code team, and fairly new to the AppSec space. The conference provided me a great platform to start my journey, and thrive in the Secure Code team here at Telstra.”
Cyber Security is everyone’s responsibility
Ben Ellett, Security Technologist-Specialist
Cyber security isn’t just the responsibility of the specialists who work to protect it, it is something we all need to consider. Ben was amazed to learn that this year’s AppSecDay wasn’t just for security specialists.
“One of the biggest surprises at the conference was when the keynote speaker asked the crowd how many people DID NOT work in information security. Approximately 50 per cent of the audience raised their hand,” he said.
“This showed me that cyber security extends past the people who specifically work in this function.
“That’s the case here at Telstra, where the Secure Code team within Cyber Security, works with other developers in the business to establish good secure coding practices.
“In terms of the next step in my career and to keep up with industry trends, I’ll endeavour to learn more about the development stacks that full time software developers use in order to learn the security pros and cons inherent to that software.”