Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Scott J. Roberts Scott J. Roberts
February 24, 2014
Technology
3
340

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Avatar for Scott J. Roberts

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
970
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
56
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
140
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
160
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
98
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
94
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
580
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5k
Building Effective Threat Intelligence Sharing
Avatar for Scott J. Roberts sroberts
1
130

Other Decks in Technology

See All in Technology
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
190
Kiro IDEのドキュメントを全部読んだので地味だけどちょっと嬉しい機能を紹介する
Avatar for khmoryz khmoryz
0
160
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
Avatar for 小笠原理久 riku_423
2
450
プロポーザルに込める段取り八分
Avatar for ShoheiMitani shoheimitani
1
170
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
24k
仕様書駆動AI開発の実践: Issue→Skill→PRテンプレで 再現性を作る
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
2
590
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.3k
なぜ今、コスト最適化(倹約)が必要なのか? ~AWSでのコスト最適化の進め方「目的編」~
Avatar for Hayato Tan htan
1
110
Meshy Proプラン課金した
Avatar for henjin0 henjin0
0
250
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
Avatar for maaaato maaaato
0
120
Deno・Bunの標準機能やElysiaJSを使ったWebSocketサーバー実装 / ラーメン屋を貸し切ってLT会! IoTLT 2026新年会
Avatar for you(@youtoy) you
PRO
0
290
15 years with Rails and DDD (AI Edition)
Avatar for Andrzej Krzywda andrzejkrzywda
0
170

Featured

See All Featured
Paper Plane
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
46k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.6k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
527
40k
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
230
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
2k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
770
Navigating the moral maze — ethical principles for Al-driven product design
Avatar for Skipper Chong Warson skipperchong
2
240
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
Heart Work Chapter 1 - Part 1
Avatar for Lake Fama lfama
PRO
5
35k
Ten Tips & Tricks for a 🌱 transition
Avatar for Manu Carrasco Molina stuffmc
0
64
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
61
52k

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War