Was I Supposed to Mix the Security in Before I baked it?

Presented at RVAsec 2019, May 23, 2019, 10:10 a.m. (50 minutes)

Security practitioners advocate ideals through clichés and analogies to help others understand complex problems.  One prominent analogy espouses baking security into a solution instead of bolting security on at the end.  This seems like an obvious analogy – a baker certainly can’t add flour to a cake after it’s in the oven.  In business reality, time-to-market beats security every day of the week.  How can an architect bake security into solutions when the extra time could result in a failed venture?  This talk explores the realities of blending security into the design and implementation of solutions with a goal of realizing better is not the enemy of perfect.  Some implementations bolt on security beautifully; other design patterns prove impossible to correct.  Look forward to a meme-filled tour of architectures, design patterns, and lessons learned that will help security practitioners and business people identify if they’re cooking soup or baking cakes (…if that sounds like a mixed metaphor, don’t be late for supper).


  • Brandon Martin
    Brandon Martin is a solo security practitioner at Deconstructed Security, LLC. He helps clients find the right investments, partners, and internal improvements to mitigate cybersecurity risk. Through his experiences he earned the Offensive Security Certified Professional (OSCP), Certified Information System Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC) and 6-Sigma Blackbelt. Brandon performed roles in software engineering, project management, business analysis, penetration testing, and compliance consulting. Before his current role he worked in heavy industry, banking and network security. In his spare time Brandon enjoys spending time with family, writing code, and mentoring young people with his church’s youth program.

