Featured Speaker: Jean Buff

Jean works on developing and maintaining new tools revolving around security insights, specifically for Alphabet entities. He also works on Threat Assessment projects and various community outreach efforts such as the Google CTF. Previously Jean worked as a Team Leader Technology Consultant at Accenture, specialized in the banking sector, as well as UBS AG.

Jean has a Masters in Food Science Engineering from ETH Zurich and was a visiting graduate student at Stanford University where he worked on cancer research.

The Forgotten Helpers: “You dig the hole, we provide the shovel”

2 am. Saturday morning. A major software vulnerability has just been disclosed. Our security teams are scrambling to make sure the vulnerable packages have been patched. But what about business units that still run their own IT? How do we know who to contact?

Where can we file such time-critical bugs? During such an incident, time is of the essence. Incident responders need to know where to find certain critical information without wasting time.

This is what our work is about: identifying and making important data available. Based on a set of guiding principles we developed, we provide a holistic and comprehensive internal infrastructure as well as a set or processes to identify, organize, normalize and provide data so that, when a critical security situation arises, no time is wasted looking for the required information. In this talk we discuss the following: guiding principles, process of identifying potential important information, how to best aggregate and transform it, and how to make it available reliably. We look at practical and real-life examples, including some of the difficulties we face. Note that this talk will not focus on any actual product/solution but aims primarily to simply give a glimpse into the “backoffice” of cybersecurity, the work that goes on behind the scenes.

Register for this talk