How to build a secure system and keep it secure in the face of changing requirements

A session at Velocity: Web Performance & DevOps Conference

Wednesday 27th May, 2015

9:00am to 10:30am (PST)

As we move towards architectures designed to cope with changing requirements, and eternal services that go live and iterate, how can we manage change in a secure way? How can we possibly build secure systems in this environment?

If you work in a governmental or regulated industry, then you’ll already be familiar with the hollow promises of accreditation. Accreditation is commonly the thing left until the end, at about the same time as the testing, and that gives rise to the idea that security is the team that just says No.

What if it could be different? What if a service could be continually accredited and continually tested against a baseline of security tests, and the team was able to own and manage the risk register?

In this tutorial, I will talk through how government is changing its approach to accreditation and to building secure services. We’ll cover things from continuous security testing through to living risk registers, team threat assessments, and security embracing the entire service design.

About the speaker

Michael Brunton-Spall

Technical Architect for Government Digital Service
