Drupal Defence in Depth

Time: Thursday 21st March 11:45-12:15
Room: Main Ballroom
Track: Drupal Development

In today's digital landscape with continually evolving cyber threats, ensuring your Drupal website's security is crucial.

The NIST Cybersecurity Framework (NIST CSF) is recognised globally as one of the leading standards for organisational cybersecurity management. The NIST CSF covers the following five domains:
Identify
Protect
Detect
Respond and
Recover

This presentation will include an overview of the NIST domains. Then we’ll look at what Drupal developers and DevOps specialists need to do to comply with NIST CSF, with a focus on Drupal and hosting.

We’ll also briefly cover seven key layers for Drupal security:
Layer 1 — infrastructure
Layer 2 — container hosting
Layer 3 — Drupal application
Layer 4 — edge protection
Layer 5 — content delivery
Layer 6 — people
Layer 7 — process

Attendees will leave with a better understanding of security practices and how they can make their Drupal websites and platforms more secure and resilient.

Speakers

Ming Quah
Ming is a DevOps specialist, who’s currently working on Salsa’s hosting platform and our client platforms (GovCMS and Victoria’s Single Digital Presence).

Ming has over 3 years’ experience as a DevOps engineer. Before working for Salsa, Ming worked for Victoria’s Department of Premier and Cabinet (DPC), working on the Single Digital Presence platform. He started at DPC as a support developer and then moved to support lead.

Ming has also co-written and published a paper on a research project he was involved in. The paper, VisCrime: A Crime Visualisation System for Crime Trajectory from Multi-Dimensional Sources, was presented at the Twelfth ACM International Conference on Web Search and Data Mining.

Ming has a Bachelor of Computer Science, majoring in cybersecurity. Ming worked on several cybersecurity projects during his time at Salsa and DPC, including the development of Salsa’s in-house security information and event management (SIEM) and Intrusion detection systems (IDS) and intrusion prevention systems solution as well as the whole-of-Victorian-Government email security uplift across dozens of vic.gov.au domains.

In addition to DevOps and security experience, Ming has experience with Drupal development, having written and contributed to a number of custom modules for Drupal 8 and 9.