Blogs

InfosecGirls Virtual Meet - 12th August, 2023

InfosecGirls Session - 12th August, 2023

 

Topic: Privacy engineering — data minimisation, retention policies, and privacy reviews alongside security design for new features.

 

Summary

  • Data minimisation: collect only what you need and default to deletion schedules.
  • Retention: legal holds vs product analytics; how to document exceptions.
  • Privacy review checklist for new features: purpose, consent, transfers, and DPIA triggers.
  • Partnering with security on shared threat models that include abuse and insider risk.

 


InfosecGirls Virtual Meet - 17th June, 2023

InfosecGirls Session - 17th June, 2023

 

Mentorship mixer: speed introductions, pairing by interest area (GRC, appsec, cloud, SOC), and resources for continued learning over the summer.

 

Summary

  • Speed rounds to match mentors and mentees by timezone and interest track.
  • Tracks called out: GRC, application security, cloud, and SOC/detection.
  • Shared summer learning list: free courses, labs, and conference watch parties.
  • Agreed follow-up cadence for pairs (fortnightly check-ins suggested, flexible).

 


InfosecGirls Virtual Meet - 22nd April, 2023

InfosecGirls Session - 22nd April, 2023

 

Topic: Incident response tabletop for small teams — roles, comms templates, and coordinating with legal and PR under pressure.

 

Summary

  • Assigned roles for tiny teams: incident lead, tech investigator, and comms liaison.
  • Draft comms templates for internal status, customer-facing updates, and regulator timelines.
  • Legal/PR touchpoints: evidence preservation, wording review, and holding statements.
  • Post-tabletop actions: update runbooks, contact trees, and backup on-call coverage.

 


InfosecGirls Virtual Meet - 18th February, 2023

InfosecGirls Session - 18th February, 2023

 

Topic: Secure software supply chain — dependency scanning, SBOM basics, and what changed in attacker patterns for CI/CD pipelines.

 

Summary

  • Dependency and container image scanning in PRs vs periodic audits.
  • SBOM 101: why inventory matters for incident response and licence risk.
  • CI/CD hardening: branch protections, signed commits, and secret scanning.
  • Recent attacker patterns: poisoned packages, typosquatting, and pipeline credential theft.

 


InfosecGirls Virtual Meet - 10th December, 2022

InfosecGirls Session - 10th December, 2022

 

Year-end community meet: highlights from chapters, thank-you to facilitators, and a light-hearted capture-the-flag style warm-up for newcomers.

 

Summary

  • Celebrated chapter and virtual-programme highlights from the year.
  • Thanked facilitators, note-takers, and behind-the-scenes volunteers.
  • Beginner-friendly CTF-style puzzles as a low-pressure group activity.
  • Preview of themes members wanted more of in 2023 (cloud, appsec, career panels).

 


InfosecGirls Virtual Meet - 12th November, 2022

InfosecGirls Session - 12th November, 2022

 

Chapter updates, volunteer opportunities, and a Q&A block for students and early-career members navigating certifications and hands-on practice.

 

Summary

  • Chapter leads shared upcoming local and hybrid plans where available.
  • Open roles: event hosts, social media helpers, and mentorship circle organisers.
  • Cert discussion: picking exams that match role goals vs collecting badges.
  • Hands-on paths: home labs, CTF write-ups, and safe bug-bounty practice environments.

 


InfosecGirls Virtual Meet - 15th October, 2022

InfosecGirls Session - 15th October, 2022

 

Topic: Security awareness and phishing simulations done responsibly — consent, metrics that help rather than shame, and inclusive comms.

 

Summary

  • Why advance notice and opt-in norms reduce harm and build trust with staff.
  • Metrics beyond click rates: reporting speed, training completion, and help-desk load.
  • Inclusive messaging: avoid blame, offer clear reporting paths, and support neurodiverse learners.
  • Pairing simulations with short teachable moments instead of punishment-only cycles.

 


InfosecGirls Virtual Meet - 10th September, 2022

InfosecGirls Session - 10th September, 2022

 

Topic: Web application security testing workflow — scoping, safe testing in staging, and reporting findings so engineering teams can act on them.

 

Summary

  • Emphasised written scope: environments, credentials, out-of-scope systems, and emergency contacts.
  • Safe testing habits: staging-first, rate limits, and evidence handling without exposing sensitive data.
  • Reporting format: clear repro steps, severity rationale, and suggested fixes where possible.
  • Handoff tips: triage with engineering, track retests, and celebrate fixed issues.

 


InfosecGirls Virtual Meet - 16th July, 2022

InfosecGirls Session - 16th July, 2022

 

Open networking meet: career transitions into security, interview preparation, and peer introductions across chapters.

 

Summary

  • Breakout-style intros across chapters and time zones.
  • Swapped practical tips for resumes, portfolios, and story-based interview answers.
  • Peer stories on moving from IT, development, QA, or academia into security roles.
  • Collected volunteer offers for mock interviews and CV reviews in follow-up threads.

 


InfosecGirls Virtual Meet - 14th May, 2022

InfosecGirls Session - 14th May, 2022

 

Topic: Cloud security fundamentals — shared responsibility, IAM hygiene, and common misconfigurations in object storage and identity.

 

Summary

  • Clarified shared responsibility: what the cloud provider secures vs what customers own.
  • IAM hygiene checklist: least privilege, no long-lived keys where avoidable, break-glass patterns.
  • Object storage pitfalls: public buckets, weak ACLs, and logging/monitoring gaps.
  • Identity federation and org-wide guardrails as scalable controls.

 
