Did you accept the risk? Dynamic risk metrics in your environment.

A presentation at SnykCon by Daniel "phrawzty" Maher

Risk management is relatively new to the security industry, but in reality insurance teams, government, and finance have been using risk assessments to make decisions for years. In this talk we’ll demonstrate how to apply classical risk management concepts to modern DevOps practices. You’ll learn how to communicate across your organisation using a standard vocabulary to calculate risk at a service level, then see a demonstration of how to dynamically calculate and increase risk levels using Security Scores.


The following resources were mentioned during the presentation or are useful additional information.

  • Event listing

  • RRA assessment workshop

    This training shows how to walk through a risk assessment for an individual service using the Mozilla Rapid Risk Assessment Framework developed by Guillaume Destuynder and Julien Vehent.
