A meetup from Ozon Tech dedicated to information security has just ended. And right now I…

A meetup from Ozon Tech dedicated to information security has just ended. And right now I'll tell you how it was ⤵️

The event took place at the Central University. First, as usual, I went through the registration stage and took a traditional photo with a badge ( I'm so sorry for the red eyes and tired look ). After I had played enough of a photographer, photographing everything and everyone, I proceeded to the presentation section, which was just beginning. A fairly large number of diverse information security specialists from many companies gathered in the conference room 👨‍💻

And so, when we all found our seats and calmly took them, the Director of Information Security, Kirill Myakishev, came on stage with an opening speech. He greeted everyone present, spoke a little about the meetup and gave the floor to the first speaker 💊

By tradition, I have made a summary of the report section for you ( this time I was better prepared and sent you the links to the broadcast in advance ):

1️⃣ Information security audits on data security - so what?
The first speaker was the head of the analytics group, Alena Kolobova, who spoke about information security audits and how exactly they should be carried out. She shared approaches that allow you to get real benefits from audits

2️⃣ How do you know if the L1 SOC is working well? Main metrics
The time has come for the second report, which was given by the head of the request processing and information security event management group, Maria Chikicheva. The presentation was dedicated to the L1 SOC device in Ozon. We discussed the main L1 efficiency metrics that the guys from Ozon adhere to

3️⃣ Training employees in the basics of secure development
The third speaker was the head of the application security group, Dmitry Emelyanov, who showed as part of the report why to tell developers about vulnerabilities and what types of training are used in information security. There was also a lot of interesting information about safety culture in general.

4️⃣ How we implemented DAST in Ozon
Leading application information security engineer, Evgeniy Shein, spoke about the experience of implementing DAST at Ozon. How exactly did they manage to build processes around dynamic analysis and what metrics are used within the company

5️⃣ LLM testing: an information security perspective
Emma Nekhorosheva appeared on stage, junior information security engineer, who raised important LLM security issues from an integration and model training perspective. She showed internal tests and their analysis

6️⃣ Role of the incident coordinator ov: why and how
The final speaker was the head of the incident response team, Andrey Gorelikov, who told us all about what an information security incident is and how it differs from an event. He explained what an incident coordinator does and what tasks he solves as part of his work

After the presentation section, networking, traditional for this kind of event, followed, during which we were able to communicate with colleagues from different companies and just have a great Tuesday evening 🌃

Good night everyone 😴

#information_security
#career