Using Encryption for Product Security Shadow Session - NOV 11

 

This seminar was about using encryption for product security. In this scenario, the Coach is modeling the work of Product Security Engineer by developing a plan to protect sensitive health records. The task is to learn how to incorporate security encryption as a product feature. There were no supplemental materials provided. There was a guest speaker in this one, and so I was doubly excited to participate.

The coach talked about asymmetric and symmetric encryption, their experience with working on product security etc. We had a pretty solid discussion on email encryption, sending sensitive information through emails that was a lot of fun. I have to say, the Host and the Coaches really make a very fun and engaging atmosphere and make it easy for people to interact with each other without any inhibitions or fear. I was really nervous when i did my first seminar but it was really easy to engage with them. 

A participant asked a really good question, "How do you ensure security as a part of the product? How do you know which encryption is the most appropriate and where do you place it as a part of the product development cycle?" What a cool question, and it was answered really comprehensively. (I was engaged in a discussion with someone about hashing and CTFs and CyberChef at the time this question was asked lol. ) And then we all pooled in ideas about what needs to be encrypted so for eg Medical History, Bloodwork, Invoice Details, Clients Social Security etc. Then we again devolved to a discussion on steganography in the chat. This was a really interactive session honestly. These are the questions I asked. 

So that was all. Walked away from the seminar with a lot of knowledge, confidence and an Elton John-Dua lipa Remix song. Loads of fun!