Recap with John Grigg - OWASP meeting

Q: Hi @MisterShak, you recently presented at OWASP and talked about automation. Could you tell us a little about this event? Was this your first time presenting at an OWASP event?
A: So OWASP is a semi-regular meetup of folks who have an interest in application security. This past session they asked me to present on Automation so I decided to present some novel solutions seen around the industry. And yep, this was my first time speaking at OWASP.

Q: How did you get started learning automation? What got you interested in the topic?
A: I think to a certain extent, automation is something that most people in the security industry dabble in whether they want to or not because scripts, homegrown tools, etc, usually rely on some type of automation to help us get through the mountain of work. But I really started getting heavy into it once I joined the Swimlane team.

Q: What practical ways do you recommend security professionals get started using automation?
A: Most are probably already using it in some capacity. But if you’re looking to actually scale it out for your team then really take the time to define the goals you want to achieve. Without some sort of tangible result you’ll just be spinning your wheels.

Q: Any advice on scoping automation projects?
A: Start simple. Ask the analysts what they do too much of and then work from there. A lot of people get in over their head by setting the bar too high too quickly. But if you start by automating the routine tasks that can be a time suck, the more complex uses will follow.

Q: Do you feel there is more of a use for automation on the offense or defense side? Or the same?
A: I’ll say “the same” but the usage between the two isn’t quite even. For true “Offensive Ops” I think automation has been embraced pretty heavily. Most of the malware that exists relies on some sort of automation for persistence or lateral movement. On the defensive side we’ve come a long way to integrate the capability within our systems but I think most folks have been hesitant b/c they don’t know when to add in human intervention and they’re not quite sure how to quantify the ROI for automation.

Questions for John? Ask away!