Thoughts On The IBM-Watson-Conversation Hackathon, London 2016

This October I had the privilege of participating in the IBM-Watson-Conversation Hackathon in London, as part of a five person BBC team. We eventually won out of the fifteen teams that participated, with our combination of technology, ‘human interest’ and humour being noted.
img_1012

These guys, right here….

The brief was simple: use IBM’s Watson powered Conversation engine to create a chatbot, integrating with Watson’s other Artificial Intelligence based APIs (e.g tone analysis, image recognition, context based news etc).
Conversation is a Natural Language Processing (NLP) engine, that allows the construction of non-linear, non-brittle dialogs. It’s integrated into a wider eco-system of IBM and Watson based products, using the IBM BlueMix cloud platform as its bedrock, so getting off the ground is as easy-as-pie. It also enables integration with select external services such as Foursquare and Twilio.

Continue reading

My Presentation at OWASP London

I recently had the honour of presenting a talk at OWASP London at Bank in London. The talk was originally aimed at my company’s ground troops (developers, product managers), but also clearly presents a way of organising a security team; this may sound trivial, but the way a security effort is organised has a big impact on how effective it is. My current project (about 120 people across seven teams) has approached this by nominating security champions in each team,  who manage risks using their own separate, cross team project (to avoid workflow issues), and having a unified ‘Security Council’.

owasp_2

Watch the video here!

The presentation was warmly received, and a number of good questions were asked, so it’s worth viewing the Q&A!

AppSec: Beat The “It’ll Never Get Fixed” Blues!

We’ve all been there.

We’re busily going about our work, when suddenly we notice something odd. Maybe it’s a badly thought out permission policy, maybe it’s some unprotected URL configuration that could be used to get an EC2 instance to spill its guts , but whatever it is, it smells.

But you’re knee deep in your own task, so you wearily go to JIRA, click ‘Create New’ and enter in the most perfunctory ticket description possible. And off it goes, your new little ticket, to reside deep within the project backlog, collecting crust with the other non-function-requirement tickets. Hey, business is business, and business needs features!

Or maybe you don’t do anything at all. ‘Cause why bother?

Either way, the problem never gets looked at, never gets evaluated and never gets fixed.

Continue reading