Ben Robertson

Ben Robertson is a Senior Professional Service Engineer at Puppet, an industry leader in IT automation. Ben has over 15 years' experience working in complex environments with a broad range of technologies across private and Government organisations. He has a passion for infosec security and applies this security mindset to all aspects of his work.

In his role, Ben works as a blend of DevOps Engineer and Client-facing consultant, helping customers to design and implement leading edge automation solutions.

Prior to commencing at Puppet, Ben worked as a gateway specialist at the Australian Government’s Department of Foreign Affairs and Trade and has also worked for Telstra as a Senior Security Specialist.

Ben attained a Bachelor of Computing, network design and security from Swinburne University in Melbourne.


Session

09-27
12:00
25min
Reducing operational toil when responding to your next critical CVE.
Ben Robertson

Log4j, shellshock, and Heartbleed. What do these vulnerabilities have in common? They add hours (if not days) of toil for IT operations – i.e., long days and long nights to identify and patch these critical vulnerabilities. Many organisations struggle to coordinate a timely response, and they’re often still identifying vulnerable systems after the initial response. Not to mention the large associated costs, including labor, recovery, communications, compliance, and lost productivity.

Why are we still having an issue with this today? Manual identification of vulnerable systems is not scalable when dealing with hundreds or even thousands of systems. Manual remediation is also fraught with human error.

What is the solution? By leveraging software engineering and DevOps tooling, we can automate identification methods specific to each CVE at scale to identify and remediate vulnerabilities.

Main Track
Main Track