Cybersecurity for RSEs: design patterns for eResearch web applications

Ms Sharon Tickell¹

¹CSIRO, St Lucia, Australia

Biography:

Sharon is a software engineer at CSIRO who has been involved in the design, deployment, and maintenance of several dozen eResearch web applications over the last decade and a half, from short-lived survey websites to the large and distributed eReefs web platform. She did not set out on her career with any intention of spending so much time on cybersecurity, but has had to learn some of the concepts and techniques presented in this talk out of necessity. She now hopes to help others avoid having to learn these the hard way.

https://orcid.org/0000-0003-1223-9935

Abstract:

At some point in their careers, many Research Software Engineers (RSEs) will find themselves being asked to build, deploy and/or maintain a web application that delivers research data and information to other researchers or the public via the internet. Doing so safely requires a working knowledge of information technology security concepts and techniques that many of us were never trained in, or which may have changed drastically since we were trained.

In a world where cybersecurity is a career specialisation of its own and new threats emerge much faster than we can redesign research infrastructure, how can we ensure our research web applications are safe as well as functional? What difference does it make if we deploy to the cloud instead of to our own organisation’s intranet? Which bits of IT security are up to us, and when is it time to ask for help? What is all this security effort going to cost my project budget?

I can’t promise easy answers, but this is an overview of some key concepts and techniques for mitigating cybersecurity risks at the design stage of eResearch web application developments, while still delivering on research goals.

 

 
