Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How GitHub Uses GitHub to Defend GitHub
Search
Scott J. Roberts
February 24, 2014
Technology
3
340
How GitHub Uses GitHub to Defend GitHub
A talk I gave for a closed conference right around RSA 2014.
Scott J. Roberts
February 24, 2014
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
490
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
23
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
110
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
73
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
51
Homemade Ramen & Threat Intelligence
sroberts
2
550
Introduction to Open Source Security Tools
sroberts
3
4.9k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Other Decks in Technology
See All in Technology
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
820
Delegating the chores of authenticating users to Keycloak
ahus1
0
190
“日本一のM&A企業”を支える、少人数SREの効率化戦略 / SRE NEXT 2025
genda
1
280
LLM拡張解体新書/llm-extension-deep-dive
oracle4engineer
PRO
24
6.6k
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
flyaahelpguide
0
240
An introduction to Claude Code SDK
choplin
2
1.5k
クラウド開発の舞台裏とSRE文化の醸成 / SRE NEXT 2025 Lunch Session
kazeburo
1
620
ゼロから始めるSREの事業貢献 - 生成AI時代のSRE成長戦略と実践 / Starting SRE from Day One
shinyorke
PRO
0
140
本当にわかりやすいAIエージェント入門
segavvy
5
2.9k
Figma Dev Mode MCP Serverを用いたUI開発
zoothezoo
0
250
AIコードアシスタントとiOS開発
jollyjoester
0
160
無理しない AI 活用サービス / #jazug
koudaiii
0
100
Featured
See All Featured
Optimizing for Happiness
mojombo
379
70k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
The Invisible Side of Design
smashingmag
301
51k
Producing Creativity
orderedlist
PRO
346
40k
Building an army of robots
kneath
306
45k
4 Signs Your Business is Dying
shpigford
184
22k
Agile that works and the tools we love
rasmusluckow
329
21k
How to Ace a Technical Interview
jacobian
278
23k
Faster Mobile Websites
deanohume
308
31k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
700
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
340
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Transcript
! To Defend Scott J Roberts Bad Guy Catcher Uses
How
this isn’t a sales pitch… but it is about using
GitHub the product
Our Goals • Use current tools & paradigms • Fast
• Secure • Transparent to coworkers
We live on GitHub (shocking!) • Writing code • Writing
documentation • Having long running collaborative discussions • So why not incident response?
Our Incident Process • Create an incident name • Create
an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it
Create an incident name • Two word names • First
word is “actor” - to the extent we know • Second word is the incident • Initials should be unique
Create an “Incident Branch”
Add Incident Template
Our Templates
Our Templates
Git Add, Commit, & Push
Open a Pull Request
Open a Pull Request
“Run it down”
“Run it down” • Using the Pull Request workflow for
IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States
Finalize and Merge
it • We share GitHub security incidents with all Hubbers
• This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust
Quick Review 1. Create a branch 2. Add & fill
out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge
Wake Up, Go T o War