Event

InfosecGirls Virtual Meet - 21st October, 2023

InfosecGirls Session - 21st October, 2023

 

Topic: Detection engineering primer — log sources that matter, high-value use cases, and avoiding alert fatigue for small SOC teams.

 

Summary

  • Prioritised log sources: identity, endpoint, proxy, email, and cloud control plane.
  • High-value detections: auth anomalies, rare process chains, and data exfil patterns.
  • Alert design: clear runbook links, deduplication, and severity tied to business impact.
  • Small-team tactics: borrow community rules, tune aggressively, and measure false positives.

 


InfosecGirls Virtual Meet - 23rd September, 2023

InfosecGirls Session - 23rd September, 2023

 

Topic: API security — authentication patterns, rate limiting, abuse cases, and testing APIs consistently in pre-production.

 

Summary

  • Auth patterns: OAuth2/OIDC pitfalls, token lifetimes, and scope validation.
  • Rate limiting and abuse detection: per-user, per-IP, and burst handling.
  • Abuse cases beyond OWASP API Top 10: scraping, credential stuffing, and partner misuse.
  • Pre-prod testing: contract tests, fuzzing, and schema validation in CI.

 


InfosecGirls Virtual Meet - 12th August, 2023

InfosecGirls Session - 12th August, 2023

 

Topic: Privacy engineering — data minimisation, retention policies, and privacy reviews alongside security design for new features.

 

Summary

  • Data minimisation: collect only what you need and default to deletion schedules.
  • Retention: legal holds vs product analytics; how to document exceptions.
  • Privacy review checklist for new features: purpose, consent, transfers, and DPIA triggers.
  • Partnering with security on shared threat models that include abuse and insider risk.

 


InfosecGirls Virtual Meet - 17th June, 2023

InfosecGirls Session - 17th June, 2023

 

Mentorship mixer: speed introductions, pairing by interest area (GRC, appsec, cloud, SOC), and resources for continued learning over the summer.

 

Summary

  • Speed rounds to match mentors and mentees by timezone and interest track.
  • Tracks called out: GRC, application security, cloud, and SOC/detection.
  • Shared summer learning list: free courses, labs, and conference watch parties.
  • Agreed follow-up cadence for pairs (fortnightly check-ins suggested, flexible).

 


InfosecGirls Virtual Meet - 22nd April, 2023

InfosecGirls Session - 22nd April, 2023

 

Topic: Incident response tabletop for small teams — roles, comms templates, and coordinating with legal and PR under pressure.

 

Summary

  • Assigned roles for tiny teams: incident lead, tech investigator, and comms liaison.
  • Draft comms templates for internal status, customer-facing updates, and regulator timelines.
  • Legal/PR touchpoints: evidence preservation, wording review, and holding statements.
  • Post-tabletop actions: update runbooks, contact trees, and backup on-call coverage.

 


InfosecGirls Virtual Meet - 18th February, 2023

InfosecGirls Session - 18th February, 2023

 

Topic: Secure software supply chain — dependency scanning, SBOM basics, and what changed in attacker patterns for CI/CD pipelines.

 

Summary

  • Dependency and container image scanning in PRs vs periodic audits.
  • SBOM 101: why inventory matters for incident response and licence risk.
  • CI/CD hardening: branch protections, signed commits, and secret scanning.
  • Recent attacker patterns: poisoned packages, typosquatting, and pipeline credential theft.

 


InfosecGirls Virtual Meet - 10th December, 2022

InfosecGirls Session - 10th December, 2022

 

Year-end community meet: highlights from chapters, thank-you to facilitators, and a light-hearted capture-the-flag style warm-up for newcomers.

 

Summary

  • Celebrated chapter and virtual-programme highlights from the year.
  • Thanked facilitators, note-takers, and behind-the-scenes volunteers.
  • Beginner-friendly CTF-style puzzles as a low-pressure group activity.
  • Preview of themes members wanted more of in 2023 (cloud, appsec, career panels).

 


InfosecGirls Virtual Meet - 12th November, 2022

InfosecGirls Session - 12th November, 2022

 

Chapter updates, volunteer opportunities, and a Q&A block for students and early-career members navigating certifications and hands-on practice.

 

Summary

  • Chapter leads shared upcoming local and hybrid plans where available.
  • Open roles: event hosts, social media helpers, and mentorship circle organisers.
  • Cert discussion: picking exams that match role goals vs collecting badges.
  • Hands-on paths: home labs, CTF write-ups, and safe bug-bounty practice environments.

 


InfosecGirls Virtual Meet - 15th October, 2022

InfosecGirls Session - 15th October, 2022

 

Topic: Security awareness and phishing simulations done responsibly — consent, metrics that help rather than shame, and inclusive comms.

 

Summary

  • Why advance notice and opt-in norms reduce harm and build trust with staff.
  • Metrics beyond click rates: reporting speed, training completion, and help-desk load.
  • Inclusive messaging: avoid blame, offer clear reporting paths, and support neurodiverse learners.
  • Pairing simulations with short teachable moments instead of punishment-only cycles.

 


InfosecGirls Virtual Meet - 10th September, 2022

InfosecGirls Session - 10th September, 2022

 

Topic: Web application security testing workflow — scoping, safe testing in staging, and reporting findings so engineering teams can act on them.

 

Summary

  • Emphasised written scope: environments, credentials, out-of-scope systems, and emergency contacts.
  • Safe testing habits: staging-first, rate limits, and evidence handling without exposing sensitive data.
  • Reporting format: clear repro steps, severity rationale, and suggested fixes where possible.
  • Handoff tips: triage with engineering, track retests, and celebrate fixed issues.

 
